Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ca1ba39

Browse files
laruencelaruence
committed
Merge branch 'PHP-5.6'
Conflicts: ext/sqlite3/sqlite3.c
2 parents 5bd3156 + 26471eb commit ca1ba39

2 files changed

Lines changed: 38 additions & 2 deletions

File tree

ext/sqlite3/sqlite3.c

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -281,7 +281,11 @@ PHP_METHOD(sqlite3, lastErrorCode)
281281
return;
282282
}
283283

284-
RETURN_LONG(sqlite3_errcode(db_obj->db));
284+
if (db_obj->initialised) {
285+
RETURN_LONG(sqlite3_errcode(db_obj->db));
286+
} else {
287+
RETURN_LONG(0);
288+
}
285289
}
286290
/* }}} */
287291

@@ -299,7 +303,11 @@ PHP_METHOD(sqlite3, lastErrorMsg)
299303
return;
300304
}
301305

302-
RETVAL_STRING((char *)sqlite3_errmsg(db_obj->db));
306+
if (db_obj->initialised) {
307+
RETURN_STRING((char *)sqlite3_errmsg(db_obj->db));
308+
} else {
309+
RETURN_EMPTY_STRING();
310+
}
303311
}
304312
/* }}} */
305313

ext/sqlite3/tests/bug69972.phpt

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,28 @@
1+
--TEST--
2+
Bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk())
3+
--SKIPIF--
4+
<?php
5+
if (!extension_loaded('sqlite3')) die('skip');
6+
?>
7+
--FILE--
8+
<?php
9+
$db = new SQLite3(':memory:');
10+
echo "SELECTING from invalid table\n";
11+
$result = $db->query("SELECT * FROM non_existent_table");
12+
echo "Closing database\n";
13+
var_dump($db->close());
14+
echo "Done\n";
15+
16+
// Trigger the use-after-free
17+
echo "Error Code: " . $db->lastErrorCode() . "\n";
18+
echo "Error Msg: " . $db->lastErrorMsg() . "\n";
19+
?>
20+
--EXPECTF--
21+
SELECTING from invalid table
22+
23+
Warning: SQLite3::query(): Unable to prepare statement: 1, no such table: non_existent_table in %sbug69972.php on line %d
24+
Closing database
25+
bool(true)
26+
Done
27+
Error Code: 0
28+
Error Msg:

0 commit comments

Comments
 (0)