From: Felipe Pena
Date: Mon, 12 Oct 2009 19:04:00 +0000 (+0000)
Subject: - Fixed possible crash when calling SQLiteDatabase::{ArrayQuery, SingleQuery} methods...
X-Git-Tag: php-5.2.12RC1~69
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b46243e2e2e645896f6ea09061923acff8f9138e;p=php
- Fixed possible crash when calling SQLiteDatabase::{ArrayQuery, SingleQuery} methods using Reflection
---
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 296b68437a..617bcbc8d0 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -125,7 +125,7 @@ PHP_INI_END()
 }
 #define PHP_SQLITE_EMPTY_QUERY \
- if (!sql_len) { \
+ if (!sql_len || !*sql) { \
 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute empty query."); \
 RETURN_FALSE; \
 }
diff --git a/ext/sqlite/tests/sqlitedatabase_arrayquery.phpt b/ext/sqlite/tests/sqlitedatabase_arrayquery.phpt
new file mode 100644
index 0000000000..1e3084cebe
--- /dev/null
+++ b/ext/sqlite/tests/sqlitedatabase_arrayquery.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Testing SQLiteDatabase::ArrayQuery with NULL-byte string
+--SKIPIF--
+
+--FILE--
+getDeclaringClass()->newInstanceArgs(array(':memory:'));
+
+$p = "\0";
+
+$method->invokeArgs($class, array_fill(0, 2, $p));
+$method->invokeArgs($class, array_fill(0, 1, $p));
+
+?>
+--EXPECTF--
+Warning: SQLiteDatabase::arrayQuery() expects parameter 2 to be long, string given in %s on line %d
+
+Warning: SQLiteDatabase::arrayQuery(): Cannot execute empty query. in %s on line %d
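Review bot: The added `!*sql` test in PHP_SQLITE_EMPTY_QUERY rejects only a NUL in the very first byte, so a string with nothing but whitespace before its first NUL still passes the guard, although the C string passed on is presumably just as empty. If the crash comes from the call sites using a statement handle that was never created, a NULL check there (outside this hunk) would cover every such input; that is worth confirming against the callers. The macro now also depends on a local named `sql` as well as `sql_len` at each use, which deserves a comment above it such as `/* expects sql and sql_len in scope; sql is consumed as a C string, so a leading NUL means an empty query */`.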
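Review bot: Only arrayQuery gets a regression test here, although the commit subject names SingleQuery as affected too; unless another test sits outside the visible part of the patch, that second path is unpinned. A sibling .phpt that invokes `SQLiteDatabase::singleQuery` through ReflectionMethod with the same `"\0"` argument and expects the `Cannot execute empty query.` warning would close the gap. The first `invokeArgs` call stops at parameter validation (`expects parameter 2 to be long`), so the second call is the one that actually exercises the fix; a one-line comment saying so above it would help future readers.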