From 9fac561399144d4b9b1c8d7c29bbf82643f25d2d Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Wed, 28 Apr 2010 12:10:10 +0000
Subject: Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
---
 ext/sqlite/sqlite.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'ext/sqlite/sqlite.c')
diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c
index 4c1b3f11b1..db0dab40ba 100644
--- a/ext/sqlite/sqlite.c
+++ b/ext/sqlite/sqlite.c
@@ -2499,7 +2499,7 @@ PHP_FUNCTION(sqlite_array_query)
 return;
 }
- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
+ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
 sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, &rres, NULL TSRMLS_CC);
 if (db->last_err_code != SQLITE_OK) {
 if (rres) {
@@ -2615,7 +2615,7 @@ PHP_FUNCTION(sqlite_single_query)
 return;
 }
- rres = (struct php_sqlite_result *)emalloc(sizeof(*rres));
+ rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));
 sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, &rres, NULL TSRMLS_CC);
 if (db->last_err_code != SQLITE_OK) {
 if (rres) {
-- cgit v1.2.1
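Review bot: Nothing at the new `ecalloc` call in `PHP_FUNCTION(sqlite_array_query)` records why the result struct has to be zero-filled, so a later tidy-up could switch it back to `emalloc` and reintroduce the uninitialised-field access this commit fixes. The identical line in `PHP_FUNCTION(sqlite_single_query)` needs the same note. I would add a comment at both sites, for example `/* must be zeroed: the error path below can touch rres before sqlite_query() has filled it in */`. The body of the `if (rres)` branch and of `sqlite_query()` lie outside both hunks, so which fields are actually read is inferred from the commit message rather than visible here. If `sqlite_query()` accepts a caller-allocated result elsewhere as well, clearing the struct inside it would enforce the invariant in one place.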