From:
Operating system: linux
PHP version: 5.3SVN-2010-12-03 (SVN)
Package: SQLite related
Bug Type: Bug
Bug description: sqlite3 columnName() segfaults on bad column_number

Description:
------------
PHP's SQLite3Result::columnName() method produces a segmentation fault when column_number exceeds the column count.

Inside ext/sqlite3/sqlite3.c, PHP utilizes RETVAL_STRING for the data coming back from SQLite's sqlite3_column_name() function. But inside ext/sqlite3/libsqlite/sqlite3.c, their sqlite3_column_name() function calls columnName(), which returns 0 on error conditions.

PHP's C code needs to be adjusted to account for mixed type results from sqlite3_column_name(). When making this fix, it seems PHP should return FALSE if sqlite3_column_name() produces 0.

Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE test (whatever INTEGER)');
$db->exec('INSERT INTO test (whatever) VALUES (1)');

$result = $db->query('SELECT * FROM test');
while ($row = $result->fetchArray(SQLITE3_NUM)) {
    var_dump($result->columnName(0));  // string(8) "whatever"

    // Seems returning false will be most appropriate.
    var_dump($result->columnName(3));  // Segmentation fault
}

$result->finalize();
$db->close();

echo "Done\n";

Expected result:
----------------
string(8) "whatever"
bool(false)
Done

Actual result:
--------------
string(8) "whatever"
Segmentation fault

--
Edit bug report at http://bugs.php.net/bug.php?id=53463&edit=1
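
The NULL check the report asks for, as an added example that is not part of the original report and is not PHP's or SQLite's own code. The demo_* names are hypothetical stand-ins: demo_column_name() models the NULL-on-bad-index behaviour described for sqlite3_column_name(), and demo_value models a PHP return value that is either FALSE or a string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a statement's result columns (not SQLite's type). */
typedef struct { const char **names; int count; } demo_stmt;

/* Models the behaviour the report describes for sqlite3_column_name():
   a NULL (0) return when the column index is out of range. */
static const char *demo_column_name(const demo_stmt *s, int idx) {
    if (s == NULL || idx < 0 || idx >= s->count) return NULL;
    return s->names[idx];
}

/* Hypothetical stand-in for a PHP return value: FALSE or an owned string. */
typedef enum { DEMO_FALSE, DEMO_STRING } demo_type;
typedef struct { demo_type type; char *str; size_t len; } demo_value;

/* Guarded binding: test for NULL before strlen()/copy. Skipping this test
   and calling strlen() on the NULL pointer is the crash path. */
static demo_value demo_result_column_name(const demo_stmt *s, int column) {
    demo_value rv = { DEMO_FALSE, NULL, 0 };
    const char *name = demo_column_name(s, column);
    if (name == NULL) return rv;              /* caller sees FALSE */
    size_t len = strlen(name);
    char *copy = malloc(len + 1);
    if (copy == NULL) return rv;              /* allocation failure: also FALSE */
    memcpy(copy, name, len + 1);
    rv.type = DEMO_STRING; rv.str = copy; rv.len = len;
    return rv;
}

/* Prints a value in var_dump() style and releases the copy, if any. */
static void demo_dump(demo_value v) {
    if (v.type == DEMO_STRING) printf("string(%zu) \"%s\"\n", v.len, v.str);
    else printf("bool(false)\n");
    free(v.str);
}

int main(void) {
    const char *names[] = { "whatever" };     /* constructed sample schema */
    demo_stmt s = { names, 1 };
    demo_dump(demo_result_column_name(&s, 0));
    demo_dump(demo_result_column_name(&s, 3));
    puts("Done");
    return 0;
}
```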