php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28112 sqlite_query() crashing apache on malformed query
Submitted: 2004-04-23 00:10 UTC Modified: 2004-04-23 01:02 UTC
From: csaba at alum dot mit dot edu Assigned:
Status: Closed Package: SQLite related
PHP Version: 5.0.0RC2RC1, 4.3.7dev OS: *
Private report: No CVE-ID:
 [2004-04-23 00:10 UTC] csaba at alum dot mit dot edu
Description:
------------
apache dies on an empty query (Apache.exe has generated errors and will be closed by Windows ...).

Note that it does not die if the second line in the code below is missing [sqlite_query ($db, "create table frob ..." ].  Also, sqlite_query did OK.

Csaba Gabor

PS.  Note that this appears similar to bug 25502 at
http://bugs.php.net/bug.php?id=25502

Reproduce code:
---------------
if (!($db = sqlite_open(":memory:", 666, $error))) die ("Couldn't open the database");
sqlite_query($db, "create table frob (foo INTEGER PRIMARY KEY, bar text);");
$res = sqlite_array_query($db, "");
print "passed";


Expected result:
----------------
I wouldn't expect more than a warning.  Taking the entire server down seems extreme.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-23 00:12 UTC] csaba at alum dot mit dot edu
Doggone it.  The title was supposed to be sqlite_array_query() crashing apache on malformed query.
 [2004-04-23 01:01 UTC] helly@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.
 [2004-04-23 01:02 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 04:01:55 2014 UTC