Fixed bug #34884 (Possible crash in ext/sqlite when sqlite.assoc_case is

being used).

diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index a557619daa128bc264a7418bee7cfc0fc9ff43d4..5abf8e59b1911aa41db5befafd9dab9ea4999305 100644 (file)
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -1441,14 +1441,13 @@ next_row:
                /* first row - lets copy the column names */
                rres->col_names = safe_emalloc(rres->ncolumns, sizeof(char *), 0);
                for (i = 0; i < rres->ncolumns; i++) {
-                       colname = (char*)colnames[i];
+                       rres->col_names[i] = estrdup((char*)colnames[i]);
 
                        if (SQLITE_G(assoc_case) == 1) {
-                               php_sqlite_strtoupper(colname);
+                               php_sqlite_strtoupper(rres->col_names[i]);
                        } else if (SQLITE_G(assoc_case) == 2) {
-                               php_sqlite_strtolower(colname);
+                               php_sqlite_strtolower(rres->col_names[i]);
                        }
-                       rres->col_names[i] = estrdup(colname);
                }
                if (!rres->buffered) {
                        /* non buffered mode - also fetch memory for on single row */
@@ -1687,7 +1686,7 @@ PHP_FUNCTION(sqlite_fetch_column_types)
        array_init(return_value);
 
        for (i = 0; i < ncols; i++) {
-               char *colname = (char *)colnames[i];
+               char *colname = estrdup((char *)colnames[i]);
 
                if (SQLITE_G(assoc_case) == 1) {
                        php_sqlite_strtoupper(colname);
@@ -1717,6 +1716,7 @@ PHP_FUNCTION(sqlite_fetch_column_types)
                                add_index_string(return_value, i, colnames[ncols + i] ? (char *)colnames[ncols + i] : "", 1);
                        }
                }
+               efree(colname);
        }
 
 done: