fix pdo_sqlite crash with empty bound stream

author Anatol Belski <ab@php.net>

Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)

committer Anatol Belski <ab@php.net>

Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)
author Anatol Belski <ab@php.net>
Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)
committer Anatol Belski <ab@php.net>
Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)
diff --git a/ext/pdo_sqlite/sqlite_statement.c b/ext/pdo_sqlite/sqlite_statement.c

index 9b74b24212a81754777bd98903af5cc4148c802e..93807c834cabf10d23e6f42687604e00c97ad80e 100644 (file)
--- a/ext/pdo_sqlite/sqlite_statement.c
+++ b/ext/pdo_sqlite/sqlite_statement.c
@@ -138,11 +138,12 @@ static int pdo_sqlite_stmt_param_hook(pdo_stmt_t *stmt, struct pdo_bound_param_d
                                                         parameter = &param->parameter;
                                                 }
                                                 if (Z_TYPE_P(parameter) == IS_RESOURCE) {
-                                                       php_stream *stm;
+                                                       php_stream *stm = NULL;
                                                         php_stream_from_zval_no_verify(stm, parameter);
                                                         if (stm) {
+                                                               zend_string *mem = php_stream_copy_to_mem(stm, PHP_STREAM_COPY_ALL, 0);
                                                                 zval_ptr_dtor(parameter);
-                                                               ZVAL_STR(parameter, php_stream_copy_to_mem(stm, PHP_STREAM_COPY_ALL, 0));
+                                                               ZVAL_STR(parameter, mem ? mem : STR_EMPTY_ALLOC());
                                                         } else {
                                                                 pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource");
                                                                 return 0;
diff --git a/ext/pdo_sqlite/tests/bug70862.phpt b/ext/pdo_sqlite/tests/bug70862.phpt

new file mode 100644 (file)

index 0000000..3df1e4f
--- /dev/null
+++ b/ext/pdo_sqlite/tests/bug70862.phpt
@@ -0,0 +1,36 @@
+--TEST--
+PDO_sqlite: Testing sqliteCreateCollation()
+--SKIPIF--
+<?php if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; ?>
+--FILE--
+<?php
+
+$db = new pdo('sqlite::memory:');
+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+
+$db->exec('CREATE TABLE test(field BLOB)');
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);
+$db->setAttribute(PDO::ATTR_STRINGIFY_FETCHES, true);
+
+class HelloWrapper {
+       public function stream_open() { return true; }
+       public function stream_eof() { return true; }
+       public function stream_read() { return NULL; }
+       public function stream_stat() { return array(); }
+}
+stream_wrapper_register("hello", "HelloWrapper");
+
+$f = fopen("hello://there", "r");
+
+$stmt = $db->prepare('INSERT INTO test(field) VALUES (:para)');
+$stmt->bindParam(":para", $f, PDO::PARAM_LOB);
+$stmt->execute();
+
+var_dump($f);
+
+?>
++++DONE+++
+--EXPECTF--
+string(0) ""
++++DONE+++
author	Anatol Belski <ab@php.net>
	Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)
committer	Anatol Belski <ab@php.net>
	Thu, 5 Nov 2015 20:50:34 +0000 (21:50 +0100)
ext/pdo_sqlite/sqlite_statement.c		patch \| blob \| history
ext/pdo_sqlite/tests/bug70862.phpt	[new file with mode: 0644]	patch \| blob