php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79293 SQLite3Result::fetchArray() may fetch rows after last row
Submitted: 2020-02-21 10:31 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: cmb@php.net Assigned:
Status: Open Package: SQLite related
PHP Version: 7.3Git-2020-02-21 (Git) OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2020-02-21 10:31 UTC] cmb@php.net
Description:
------------
SQLite3Result::fetchArray() returns FALSE if a query result has
been fully fetched; however, calling SQLite3::fetchArray()
afterwards on this result set may allow to traverse it again
without having called SQLite3Result::reset().

From the sqlite3_step() docs[1] (emphasis mine):

| SQLITE_DONE means that the statement has finished executing
| successfully. sqlite3_step() *should* *not* be called again on
| this virtual machine without first calling sqlite3_reset() to
| reset the virtual machine back to its initial state.

So this behavior of SQLite3Result::fetchArray() relies on
something that should not be done, and therefore might trigger
arbitrary behavior.  And even if the behavior is reliable, it
would still be confusing, see e.g. parts of the second example of
bug #64531.

[1] <https://www.sqlite.org/c3ref/step.html>


Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE foo (bar INT)");
for ($i = 1; $i <= 3; $i++) {
    $db->exec("INSERT INTO foo VALUES ($i)");
}

$res = $db->query("SELECT * FROM foo");
while (($row = $res->fetchArray(SQLITE3_ASSOC))) {
    var_dump($row);
}
var_dump($res->fetchArray(SQLITE3_ASSOC));
?>


Expected result:
----------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
bool(false)

Actual result:
--------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
array(1) {
  ["bar"]=>
  int(1)
}


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-24 11:57 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: [POC] Fix #64531: SQLite3Result::fetchArray runs the query again
On GitHub:  https://github.com/php/php-src/pull/5204
Patch:      https://github.com/php/php-src/pull/5204.patch
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Sat Oct 24 18:01:28 2020 UTC