php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79293 SQLite3Result::fetchArray() may fetch rows after last row
Submitted: 2020-02-21 10:31 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: cmb@php.net Assigned:
Status: Open Package: SQLite related
PHP Version: 7.3Git-2020-02-21 (Git) OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2020-02-21 10:31 UTC] cmb@php.net
Description:
------------
SQLite3Result::fetchArray() returns FALSE if a query result has
been fully fetched; however, calling SQLite3::fetchArray()
afterwards on this result set may allow to traverse it again
without having called SQLite3Result::reset().

From the sqlite3_step() docs[1] (emphasis mine):

| SQLITE_DONE means that the statement has finished executing
| successfully. sqlite3_step() *should* *not* be called again on
| this virtual machine without first calling sqlite3_reset() to
| reset the virtual machine back to its initial state.

So this behavior of SQLite3Result::fetchArray() relies on
something that should not be done, and therefore might trigger
arbitrary behavior.  And even if the behavior is reliable, it
would still be confusing, see e.g. parts of the second example of
bug #64531.

[1] <https://www.sqlite.org/c3ref/step.html>


Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE foo (bar INT)");
for ($i = 1; $i <= 3; $i++) {
    $db->exec("INSERT INTO foo VALUES ($i)");
}

$res = $db->query("SELECT * FROM foo");
while (($row = $res->fetchArray(SQLITE3_ASSOC))) {
    var_dump($row);
}
var_dump($res->fetchArray(SQLITE3_ASSOC));
?>


Expected result:
----------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
bool(false)

Actual result:
--------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
array(1) {
  ["bar"]=>
  int(1)
}


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-24 11:57 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: [POC] Fix #64531: SQLite3Result::fetchArray runs the query again
On GitHub:  https://github.com/php/php-src/pull/5204
Patch:      https://github.com/php/php-src/pull/5204.patch
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Wed Jun 03 20:01:26 2020 UTC