From fda91a054301605ac89049c13e2b3aba07e60319 Mon Sep 17 00:00:00 2001
From: Saki Takamachi
Date: Thu, 18 Apr 2024 08:35:50 +0900
Subject: [PATCH] Fix GH-13984: Buffer size is now checked before memcmp (#13991)

Fixed an issue where a buffer overflow occurred when a string shorter than `:memory:` was passed as the db name of pdo_sqlite.

fixed #13984
closes #13991
---
 NEWS | 3 +++
 ext/pdo_sqlite/sqlite_driver.c | 2 +-
 ext/pdo_sqlite/tests/gh13991.phpt | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 ext/pdo_sqlite/tests/gh13991.phpt

diff --git a/NEWS b/NEWS
index 703795dfa1c..bcff2820ded 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,9 @@ PHP NEWS
 . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). (Jakub Zelenka)
+- PDO SQLite:
+ . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi)
+
 - Phar:
 . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference). (nielsdos)
diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
index de5170a35a9..2f494c2ddb8 100644
--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
@@ -751,7 +751,7 @@ static char *make_filename_safe(const char *filename)
 }
 return estrdup(filename);
 }
- if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
+ if (*filename && strcmp(filename, ":memory:")) {
 char *fullpath = expand_filepath(filename, NULL);
 if (!fullpath) {
diff --git a/ext/pdo_sqlite/tests/gh13991.phpt b/ext/pdo_sqlite/tests/gh13991.phpt
new file mode 100644
index 00000000000..fa847f8ba5b
--- /dev/null
+++ b/ext/pdo_sqlite/tests/gh13991.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Fix GH-13984: Buffer size is now checked before memcmp
+--EXTENSIONS--
+pdo_sqlite
+--SKIPIF--
+
+--FILE--
+ true]);
+echo 'done!';
+?>
+--CLEAN--
+
+--EXPECT--
+done!
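Review bot: The new condition on the `+` line of the sqlite_driver.c hunk uses the bare return value of `strcmp` as a boolean and gives no hint why `:memory:` is the one name exempted from the path handling that follows, so I would write it as `if (*filename && strcmp(filename, ":memory:") != 0) {` and precede it with `/* ":memory:" is SQLite's in-memory database, not a filesystem path: do not run it through expand_filepath(). Exact, case-sensitive match on purpose. */`. The fix itself is sound: the removed line read `sizeof(":memory:")` (9) bytes from `filename` regardless of its length, an out-of-bounds read for any shorter string, whereas `strcmp` stops at the first differing byte or NUL — so the defect was an over-read rather than a write overflow, and the title's "buffer size is now checked before memcmp" does not describe the new code, which no longer calls `memcmp` at all. As far as I recall SQLite recognises `:memory:` only as an exact string, which is why `strcmp` rather than `strcasecmp` is the right comparator here — worth stating in the comment so nobody "loosens" it later. `make_filename_safe` begins and ends outside this hunk, so what is done with `fullpath` after the `expand_filepath` call is not visible here.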