diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2004-05-16 19:49:18 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2004-05-16 19:49:18 +0000 |
commit | b6a9bdfb4f8e3f391c7da5a12b5883b02da7bd10 (patch) | |
tree | 26028caa44bea07b788435d4f1340edabed47c2a | |
parent | e145ab54dab48d905e31b4e6e619ba5eb9fb198c (diff) | |
download | php-git-b6a9bdfb4f8e3f391c7da5a12b5883b02da7bd10.tar.gz |
Better fix for a possible double free in sqlite_single|array_query() when
a failure occurs between query execution and data retrieval.
-rw-r--r-- | ext/sqlite/sqlite.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index aee838384f..b2b13483a4 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -1011,6 +1011,7 @@ terminate: if (return_value) { RETURN_FALSE; } else { + efree(rres); return; } } @@ -1021,7 +1022,6 @@ terminate: memcpy(rres, &res, sizeof(*rres)); rres->db = db; zend_list_addref(db->rsrc_id); - /* now the result set is ready for stepping: get first row */ if (php_sqlite_fetch(rres TSRMLS_CC) != SQLITE_OK) { @@ -1357,10 +1357,7 @@ PHP_FUNCTION(sqlite_array_query) rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); sqlite_query(db, sql, sql_len, mode, 0, NULL, rres TSRMLS_CC); if (db->last_err_code != SQLITE_OK) { - if(!rres->vm) { - /* no query happened - it's out responsibility to free it */ - efree(rres); - } + /* no need to free rres, as it will be freed by sqlite_query() for us */ RETURN_FALSE; } @@ -1465,7 +1462,7 @@ PHP_FUNCTION(sqlite_single_query) rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); sqlite_query(db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, rres TSRMLS_CC); if (db->last_err_code != SQLITE_OK) { - efree(rres); + /* no need to free rres, as it will be freed by sqlite_query() for us */ RETURN_FALSE; } |