php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #79293 SQLite3Result::fetchArray() may fetch rows after last row
Submitted: 2020-02-21 10:31 UTC Modified: -
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: cmb@php.net Assigned:
Status: Open Package: SQLite related
PHP Version: 7.3Git-2020-02-21 (Git) OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cmb@php.net
New email:
PHP Version: OS:

 

 [2020-02-21 10:31 UTC] cmb@php.net
Description:
------------
SQLite3Result::fetchArray() returns FALSE if a query result has
been fully fetched; however, calling SQLite3::fetchArray()
afterwards on this result set may allow to traverse it again
without having called SQLite3Result::reset().

From the sqlite3_step() docs[1] (emphasis mine):

| SQLITE_DONE means that the statement has finished executing
| successfully. sqlite3_step() *should* *not* be called again on
| this virtual machine without first calling sqlite3_reset() to
| reset the virtual machine back to its initial state.

So this behavior of SQLite3Result::fetchArray() relies on
something that should not be done, and therefore might trigger
arbitrary behavior.  And even if the behavior is reliable, it
would still be confusing, see e.g. parts of the second example of
bug #64531.

[1] <https://www.sqlite.org/c3ref/step.html>


Test script:
---------------
<?php
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE foo (bar INT)");
for ($i = 1; $i <= 3; $i++) {
    $db->exec("INSERT INTO foo VALUES ($i)");
}

$res = $db->query("SELECT * FROM foo");
while (($row = $res->fetchArray(SQLITE3_ASSOC))) {
    var_dump($row);
}
var_dump($res->fetchArray(SQLITE3_ASSOC));
?>


Expected result:
----------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
bool(false)

Actual result:
--------------
array(1) {
  ["bar"]=>
  int(1)
}
array(1) {
  ["bar"]=>
  int(2)
}
array(1) {
  ["bar"]=>
  int(3)
}
array(1) {
  ["bar"]=>
  int(1)
}


Patches

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-02-24 11:57 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: [POC] Fix #64531: SQLite3Result::fetchArray runs the query again
On GitHub:  https://github.com/php/php-src/pull/5204
Patch:      https://github.com/php/php-src/pull/5204.patch
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 18 11:03:36 2021 UTC