Fixed a crash inside sqlite_array_query() when invalid query

Ilia Alshanetsky · Ilia Alshanetsky · commit 43b0c8adea42 · 2003-06-23T19:30:42.000Z
is specified.
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
@@ -972,8 +972,11 @@ void sqlite_query(struct php_sqlite_db *db, char *sql, long sql_len, int mode, i
 	if (ret != SQLITE_OK) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s", errtext);
 		sqlite_freemem(errtext);
-		
-		RETURN_FALSE;
+		if (return_value) {
+			RETURN_FALSE;
+		} else {
+			return;
+		}
 	}
 
 	if (!rres) {
@@ -987,7 +990,11 @@ void sqlite_query(struct php_sqlite_db *db, char *sql, long sql_len, int mode, i
 	/* now the result set is ready for stepping: get first row */
 	if (php_sqlite_fetch(rres TSRMLS_CC) != SQLITE_OK) {
 		real_result_dtor(rres TSRMLS_CC);
-		RETURN_FALSE;
+		if (return_value) {
+			RETURN_FALSE;
+		} else {
+			return;	
+		}
 	}
 	
 	rres->curr_row = 0;
@@ -1276,6 +1283,10 @@ PHP_FUNCTION(sqlite_array_query)
 
 	rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
 	sqlite_query(db, sql, sql_len, mode, 0, NULL, rres TSRMLS_CC);
+	if (db->last_err_code != SQLITE_OK) {
+		efree(rres);
+		RETURN_FALSE;
+	}
 
 	array_init(return_value);
 
diff --git a/ext/sqlite/tests/sqlite_018.phpt b/ext/sqlite/tests/sqlite_018.phpt
@@ -0,0 +1,13 @@
+--TEST--
+sqlite: crash on bad queries inside sqlite_array_query()
+--SKIPIF--
+<?php # vim:ft=php
+if (!extension_loaded("sqlite")) print "skip"; ?>
+--FILE--
+<?php
+include "blankdb.inc";
+
+sqlite_array_query($db, "SELECT foo FROM foobar");
+?>
+--EXPECTF--
+Warning: sqlite_array_query(): no such table: foobar in %s on line %d
