Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash)

diff --git a/NEWS b/NEWS
index 9af6d5a1b7b5a094cfd32ba2fb104a07b0ffa348..64cffd9091ddedebb27c3c09de514a7d2f4d1fe1 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ PHP                                                                        NEWS
 - SPL:
   . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
 
+- SQLite3:
+  . Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
+
 - Standard:
   . Fixed bug #72152 (base64_decode $strict fails to detect null byte).
     (Lauri Kenttä)

diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 9436c158b5051356bad5cd4a54255cc9ee68ed00..0e0ef09d2570e57517bc280468b57183b1355a0a 100644 (file)
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1394,7 +1394,9 @@ static int register_bound_parameter_to_sqlite(struct php_sqlite3_bound_param *pa
        }
 
        if (param->param_number < 1) {
-               zend_string_release(param->name);
+               if (param->name) {
+                       zend_string_release(param->name);
+               }
                return 0;
        }
 

diff --git a/ext/sqlite3/tests/bug72571.phpt b/ext/sqlite3/tests/bug72571.phpt
new file mode 100644 (file)
index 0000000..3ffde29
--- /dev/null
+++ b/ext/sqlite3/tests/bug72571.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash)
+--SKIPIF--
+<?php
+if (!extension_loaded('sqlite3')) die('skip'); ?>
+--FILE--
+<?php
+$db = new SQLite3(':memory:');
+
+$stmt = $db->prepare("select 1 = ?");
+
+// bindParam crash
+$i = 0;
+$stmt->bindParam(0, $i);
+
+var_dump($stmt->execute());
+$db->close();
+?>
+--EXPECTF--
+object(SQLite3Result)#%d (0) {
+}