From 260e0e9bd3712e37da36c81afe8c0c22f86aae0f Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Tue, 18 Feb 2025 13:45:31 +0100
Subject: [PATCH] Fix GH-17837: ::getColumnMeta() on unexecuted statement segfaults

We cannot properly get the column meta data of a statement which has been prepared, but has not yet been executed. As such we bail out early, reporting failure. Closes GH-17850.
---
 NEWS | 4 ++++
 ext/pdo_sqlite/sqlite_statement.c | 2 +-
 ext/pdo_sqlite/tests/gh17837.phpt | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 ext/pdo_sqlite/tests/gh17837.phpt
diff --git a/NEWS b/NEWS
index 7c20204a62e..af80e9a4bb6 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,10 @@ PHP NEWS
 JIT crash). (nielsdos)
 . Fixed bug GH-17577 (JIT packed type guard crash). (nielsdos, Dmitry)
+- PDO_SQLite:
+ . Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).
+ (cmb)
+
 - Phar:
 . Fixed bug GH-17808: PharFileInfo refcount bug. (nielsdos)
diff --git a/ext/pdo_sqlite/sqlite_statement.c b/ext/pdo_sqlite/sqlite_statement.c
index c6b907f6fc2..16aac6095af 100644
--- a/ext/pdo_sqlite/sqlite_statement.c
+++ b/ext/pdo_sqlite/sqlite_statement.c
@@ -305,7 +305,7 @@ static int pdo_sqlite_stmt_col_meta(pdo_stmt_t *stmt, zend_long colno, zval *ret
 const char *str;
 zval flags;
- if (!S->stmt) {
+ if (!S->stmt || !stmt->executed) {
 return FAILURE;
 }
 if(colno >= sqlite3_column_count(S->stmt)) {
diff --git a/ext/pdo_sqlite/tests/gh17837.phpt b/ext/pdo_sqlite/tests/gh17837.phpt
new file mode 100644
index 00000000000..c8e1f6dab28
--- /dev/null
+++ b/ext/pdo_sqlite/tests/gh17837.phpt
@@ -0,0 +1,14 @@
+--TEST--
+GH-17837 (::getColumnMeta() on unexecuted statement segfaults)
+--EXTENSIONS--
+pdo_sqlite
+--CREDITS--
+YuanchengJiang
+--FILE--
+prepare('select :a, :b, ?');
+var_dump($stmt->getColumnMeta(0));
+?>
+--EXPECT--
+bool(false)
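Review bot: The new `!stmt->executed` condition in pdo_sqlite_stmt_col_meta() has no comment, so the reason a prepared but unexecuted statement must be refused lives only in the commit message; I would add `/* GH-17837: column metadata cannot be read before the statement has been executed */` above the `if` so the guard is not dropped in a later cleanup and the crash reintroduced. In the visible lines the rejected call returns bare `FAILURE`, like the existing `!S->stmt` case, with no error recorded, so the script only sees `false`; confirm that a silent failure is what callers should get. The hunk does not show where the fault occurred; if it was in code shared by all PDO drivers rather than in this file, the check belongs in that shared caller instead of being repeated per driver. The function starts and ends outside the hunk.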