[PHP-BUG] Bug #53463 [NEW]: sqlite3 columnName() segfaults on bad column_number

[danielc at analysisandsolutions dot com]

From:             
Operating system: linux
PHP version:      5.3SVN-2010-12-03 (SVN)
Package:          SQLite related
Bug Type:         Bug
Bug description:sqlite3 columnName() segfaults on bad column_number

Description:
------------
PHP's SQLite3Result::columnName() method produces a segmentation fault when
column_number exceeds the column count.



Inside ext/sqlite3/sqlite3.c, PHP utlizes RETVAL_STRING for the data coming
back from SQLite's sqlite3_column_name() function.  But inside
ext/sqlite3/libsqlite/sqlite3.c, their sqlite3_column_name() function calls
columnName(), which returns 0 on error conditions.



PHP's C code needs to be adjusted to account for mixed type results from
sqlite3_column_name().  When making this fix, it seems PHP should return
FALSE if sqlite3_column_name() produces 0.



Test script:
---------------
$db = new SQLite3(':memory:');



$db->exec('CREATE TABLE test (whatever INTEGER)');

$db->exec('INSERT INTO test (whatever) VALUES (1)');



$result = $db->query('SELECT * FROM test');

while ($row = $result->fetchArray(SQLITE3_NUM)) {

    var_dump($result->columnName(0));  // string(8) "whatever"



    // Seems returning false will be most appropriate.

    var_dump($result->columnName(3));  // Segmentation fault

}



$result->finalize();

$db->close();



echo "Done\n";



Expected result:
----------------
string(8) "whatever"

bool(false)

Done



Actual result:
--------------
string(8) "whatever"

Segmentation fault



-- 
Edit bug report at http://bugs.php.net/bug.php?id=53463&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=53463&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=53463&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=53463&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=53463&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=53463&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=53463&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=53463&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=53463&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=53463&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=53463&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=53463&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=53463&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=53463&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=53463&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=53463&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=53463&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=53463&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=53463&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=53463&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=53463&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=53463&r=mysqlcfg