php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #69972
Patch 69972.patch revision 2015-06-30 15:53 UTC by remi@php.net

Patch 69972.patch for SQLite related Bug #69972

Patch version 2015-06-30 15:53 UTC

Return to Bug #69972 | Download this patch
Patch Revisions:

Developer: remi@php.net

From bb82d29acbdea72c7466ee93111c96d317a0b9f8 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Tue, 30 Jun 2015 17:51:56 +0200
Subject: [PATCH] Fix bug #69972 (use after free)

---
 ext/sqlite3/sqlite3.c           |  1 +
 ext/sqlite3/tests/bug69972.phpt | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 ext/sqlite3/tests/bug69972.phpt

diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index ce3af65..533f170 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -198,6 +198,7 @@ PHP_METHOD(sqlite3, close)
 			RETURN_FALSE;
 		}
 		db_obj->initialised = 0;
+		db_obj->db = NULL;
 	}
 
 	RETURN_TRUE;
diff --git a/ext/sqlite3/tests/bug69972.phpt b/ext/sqlite3/tests/bug69972.phpt
new file mode 100644
index 0000000..c925249
--- /dev/null
+++ b/ext/sqlite3/tests/bug69972.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Bug #69972 use after-free
+--SKIPIF--
+<?php
+if (!extension_loaded('sqlite3')) die('skip');
+?>
+--FILE--
+<?php
+$db = new SQLite3(':memory:');
+echo "SELECTING from invalid table\n";
+$result = $db->query("SELECT * FROM non_existent_table");
+echo "Closing database\n";
+var_dump($db->close());
+// Trigger the use-after-free
+var_dump($db->lastErrorCode());
+?>
+Done
+--EXPECTF--
+SELECTING from invalid table
+
+Warning: SQLite3::query(): Unable to prepare statement: 1, no such table: non_existent_table in %sbug69972.php on line 4
+Closing database
+bool(true)
+
+Warning: SQLite3::lastErrorCode(): The SQLite3 object has not been correctly initialised in %sbug69972.php on line 8
+bool(false)
+Done
-- 
2.1.0

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 11:01:29 2024 UTC