Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with non-bundled

sqlite2 lib).
2025-08-16 05:58:45 +02:00 · 2007-05-05 15:36:15 +00:00 · 2007-05-05 15:36:15 +00:00 · 502d68e1e7
commit 502d68e1e7
parent c70105610a
3 changed files with 10 additions and 4 deletions
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@ -110,9 +110,13 @@ PS_READ_FUNC(sqlite)
 		case SQLITE_ROW:
 			if (rowdata[0] != NULL) {
 				*vallen = strlen(rowdata[0]);
-				*val = emalloc(*vallen);
-				*vallen = sqlite_decode_binary(rowdata[0], *val);
-				(*val)[*vallen] = '\0';
+				if (*vallen) {
+					*val = emalloc(*vallen);
+					*vallen = sqlite_decode_binary(rowdata[0], *val);
+					(*val)[*vallen] = '\0';
+				} else {
+					*val = STR_EMPTY_ALLOC();
+				}
 			}
 			break;
 		default: