diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-19 10:22:08 +0200 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-10-19 10:22:56 +0200 |
commit | 74fe9170b65740bcdc41c9706ec38c31654c12f6 (patch) | |
tree | 34fb6a8ac63cadafd0763f25b88e29d0b7696b85 | |
parent | f076ab0c0cd352cdd70040ba50d40cd229a463ad (diff) | |
download | php-git-74fe9170b65740bcdc41c9706ec38c31654c12f6.tar.gz |
Check PDOStatement initialization during iteration
-rw-r--r-- | ext/pdo/pdo_stmt.c | 11 | ||||
-rw-r--r-- | ext/pdo/tests/pdo_uninitialized.phpt | 39 |
2 files changed, 46 insertions, 4 deletions
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c index 3222a617f0..f8ff90ba9b 100644 --- a/ext/pdo/pdo_stmt.c +++ b/ext/pdo/pdo_stmt.c @@ -2287,15 +2287,18 @@ static const zend_object_iterator_funcs pdo_stmt_iter_funcs = { zend_object_iterator *pdo_stmt_iter_get(zend_class_entry *ce, zval *object, int by_ref) { - pdo_stmt_t *stmt = Z_PDO_STMT_P(object); - struct php_pdo_iterator *I; - if (by_ref) { zend_throw_error(NULL, "An iterator cannot be used with foreach by reference"); return NULL; } - I = ecalloc(1, sizeof(struct php_pdo_iterator)); + pdo_stmt_t *stmt = Z_PDO_STMT_P(object); + if (!stmt->dbh) { + zend_throw_error(NULL, "PDO object is uninitialized"); + return NULL; + } + + struct php_pdo_iterator *I = ecalloc(1, sizeof(struct php_pdo_iterator)); zend_iterator_init(&I->iter); I->iter.funcs = &pdo_stmt_iter_funcs; Z_ADDREF_P(object); diff --git a/ext/pdo/tests/pdo_uninitialized.phpt b/ext/pdo/tests/pdo_uninitialized.phpt new file mode 100644 index 0000000000..4ddfa7558c --- /dev/null +++ b/ext/pdo/tests/pdo_uninitialized.phpt @@ -0,0 +1,39 @@ +--TEST-- +Uninitialized PDO objects +--SKIPIF-- +<?php if (!extension_loaded('pdo')) die('skip'); ?> +--FILE-- +<?php + +class MyPDO extends PDO { + public function __construct() {} +} +class MyPDOStatement extends PDOStatement { + public function __construct() {} +} + +$pdo = new MyPDO; +try { + $pdo->query("foo"); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +$stmt = new MyPDOStatement; +try { + $stmt->fetch(); +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} +$stmt = new MyPDOStatement; +try { + foreach ($stmt as $row) {} +} catch (Error $e) { + echo $e->getMessage(), "\n"; +} + +?> +--EXPECT-- +PDO object is not initialized, constructor was not called +PDO object is uninitialized +PDO object is uninitialized |