- Fixed possible crash when calling SQLiteDatabase::{ArrayQuery, SingleQuery} methods...
authorFelipe Pena <felipe@php.net>
Mon, 12 Oct 2009 19:04:00 +0000 (19:04 +0000)
committerFelipe Pena <felipe@php.net>
Mon, 12 Oct 2009 19:04:00 +0000 (19:04 +0000)
ext/sqlite/sqlite.c
ext/sqlite/tests/sqlitedatabase_arrayquery.phpt [new file with mode: 0644]

index 296b68437ae0b260e0f1b75e1728e72acd9b0040..617bcbc8d0e5ef24f991b9c77b39315f0b03049e 100644 (file)
@@ -125,7 +125,7 @@ PHP_INI_END()
        }
 
 #define PHP_SQLITE_EMPTY_QUERY \
-       if (!sql_len) { \
+       if (!sql_len || !*sql) { \
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute empty query."); \
                RETURN_FALSE; \
        }
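Review bot: The added `!*sql` test in PHP_SQLITE_EMPTY_QUERY only rejects a query whose first byte is NUL. A string with a NUL after some leading text still has `sql_len` larger than what a NUL-terminated consumer sees. If the SQLite calls at the expansion sites take C strings (not visible in this hunk), the tail of such a query would be dropped without a warning. I would document that on the macro, for example `/* sql comes from a binary-safe PHP string; only a leading NUL is treated as empty, text after an embedded NUL is not checked */`. The same comment should state that the macro now requires a local named `sql` as well as `sql_len` at every expansion site.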
diff --git a/ext/sqlite/tests/sqlitedatabase_arrayquery.phpt b/ext/sqlite/tests/sqlitedatabase_arrayquery.phpt
new file mode 100644 (file)
index 0000000..1e3084c
--- /dev/null
@@ -0,0 +1,23 @@
+--TEST--
+Testing SQLiteDatabase::ArrayQuery with NULL-byte string
+--SKIPIF--
+<?php
+if (!extension_loaded("sqlite")) print "skip";
+?>
+--FILE--
+<?php
+
+$method = new ReflectionMethod('sqlitedatabase::arrayquery');
+
+$class = $method->getDeclaringClass()->newInstanceArgs(array(':memory:'));
+
+$p = "\0";
+
+$method->invokeArgs($class, array_fill(0, 2, $p));
+$method->invokeArgs($class, array_fill(0, 1, $p));
+
+?>
+--EXPECTF--
+Warning: SQLiteDatabase::arrayQuery() expects parameter 2 to be long, string given in %s on line %d
+
+Warning: SQLiteDatabase::arrayQuery(): Cannot execute empty query. in %s on line %d
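Review bot: The test exercises only arrayQuery, while the commit title names SingleQuery as an affected method too, so a regression in that path would go unnoticed. Adding a case such as `$class->singleQuery($p);` after the existing calls, with its expected warning in --EXPECTF--, would cover it. Note also that the first `invokeArgs` call with two arguments stops at parameter parsing (the "expects parameter 2 to be long" warning), so only the one-argument call reaches the new empty-query check. A short comment in the --FILE-- section saying which call targets the fix would help the next reader.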