From a19655cfe39e4207da211610e3fc6550a6af07a0 Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Mon, 11 Jul 2016 11:51:19 +0800 Subject: [PATCH] Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash) --- NEWS | 3 +++ ext/sqlite3/sqlite3.c | 4 +++- ext/sqlite3/tests/bug72571.phpt | 21 +++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 ext/sqlite3/tests/bug72571.phpt diff --git a/NEWS b/NEWS index 9af6d5a1b7..64cffd9091 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,9 @@ PHP NEWS - SPL: . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU) +- SQLite3: + . Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence) + - Standard: . Fixed bug #72152 (base64_decode $strict fails to detect null byte). (Lauri Kenttä) diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c index 9436c158b5..0e0ef09d25 100644 --- a/ext/sqlite3/sqlite3.c +++ b/ext/sqlite3/sqlite3.c @@ -1394,7 +1394,9 @@ static int register_bound_parameter_to_sqlite(struct php_sqlite3_bound_param *pa } if (param->param_number < 1) { - zend_string_release(param->name); + if (param->name) { + zend_string_release(param->name); + } return 0; } diff --git a/ext/sqlite3/tests/bug72571.phpt b/ext/sqlite3/tests/bug72571.phpt new file mode 100644 index 0000000000..3ffde291c7 --- /dev/null +++ b/ext/sqlite3/tests/bug72571.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash) +--SKIPIF-- + +--FILE-- +prepare("select 1 = ?"); + +// bindParam crash +$i = 0; +$stmt->bindParam(0, $i); + +var_dump($stmt->execute()); +$db->close(); +?> +--EXPECTF-- +object(SQLite3Result)#%d (0) { +} -- 2.50.1