MFB Fixed bug #46033 (Segfault when instantiating SQLite3Stmt and SQLite3Result)

diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 2e1578b2b8f566772e6e0cea157818a3a284fcdf..5028ad77ee68e36aa6ebb89cae32b0da87c34bd6 100644 (file)
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -1652,7 +1652,9 @@ static void php_sqlite3_stmt_object_free_storage(void *object TSRMLS_DC) /* {{{
                        (int (*)(void *, void *)) php_sqlite3_compare_stmt_free);
        }
 
-       Z_DELREF_P(intern->db_obj_zval);
+       if (intern->db_obj_zval) {
+               Z_DELREF_P(intern->db_obj_zval);
+       }
 
        zend_object_std_dtor(&intern->zo TSRMLS_CC);
        efree(intern);
@@ -1666,16 +1668,17 @@ static void php_sqlite3_result_object_free_storage(void *object TSRMLS_DC) /* {{
        if (!intern) {
                return;
        }
-
-       if (intern->stmt_obj->initialised) {
-               sqlite3_reset(intern->stmt_obj->stmt);
-       }
-
-       if (intern->is_prepared_statement == 0) {
-               zval_dtor(intern->stmt_obj_zval);
-               FREE_ZVAL(intern->stmt_obj_zval);
-       } else {
-               zval_ptr_dtor(&intern->stmt_obj_zval);
+       if (intern->stmt_obj_zval) {
+               if (intern->stmt_obj->initialised) {
+                       sqlite3_reset(intern->stmt_obj->stmt);
+               }
+               
+               if (intern->is_prepared_statement == 0) {
+                       zval_dtor(intern->stmt_obj_zval);
+                       FREE_ZVAL(intern->stmt_obj_zval);
+               } else {
+                       zval_ptr_dtor(&intern->stmt_obj_zval);
+               }
        }
 
        zend_object_std_dtor(&intern->zo TSRMLS_CC);
@@ -1716,6 +1719,8 @@ static zend_object_value php_sqlite3_stmt_object_new(zend_class_entry *class_typ
        intern = emalloc(sizeof(php_sqlite3_stmt));
        memset(&intern->zo, 0, sizeof(php_sqlite3_stmt));
 
+       intern->db_obj_zval = NULL;
+
        zend_object_std_init(&intern->zo, class_type TSRMLS_CC);
        zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *));
 
@@ -1738,6 +1743,7 @@ static zend_object_value php_sqlite3_result_object_new(zend_class_entry *class_t
 
        intern->complete = 0;
        intern->is_prepared_statement = 0;
+       intern->stmt_obj_zval = NULL;
 
        zend_object_std_init(&intern->zo, class_type TSRMLS_CC);
        zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,(void *) &tmp, sizeof(zval *));