From 502d68e1e7d28ec35ae2bb8aea9d31db32da82bd Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Sat, 5 May 2007 15:36:15 +0000
Subject: Fixed bug #41285 (Improved fix for CVE-2007-1887 to work with
 non-bundled sqlite2 lib).

---
 ext/sqlite/sess_sqlite.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'ext/sqlite/sess_sqlite.c')

diff --git a/ext/sqlite/sess_sqlite.c b/ext/sqlite/sess_sqlite.c
index 785704faf7..c893baad98 100644
--- a/ext/sqlite/sess_sqlite.c
+++ b/ext/sqlite/sess_sqlite.c
@@ -110,9 +110,13 @@ PS_READ_FUNC(sqlite)
 		case SQLITE_ROW:
 			if (rowdata[0] != NULL) {
 				*vallen = strlen(rowdata[0]);
-				*val = emalloc(*vallen);
-				*vallen = sqlite_decode_binary(rowdata[0], *val);
-				(*val)[*vallen] = '\0';
+				if (*vallen) {
+					*val = emalloc(*vallen);
+					*vallen = sqlite_decode_binary(rowdata[0], *val);
+					(*val)[*vallen] = '\0';
+				} else {
+					*val = STR_EMPTY_ALLOC();
+				}
 			}
 			break;
 		default:
-- 
cgit v1.2.1