diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2010-04-28 12:10:10 +0000 | 
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2010-04-28 12:10:10 +0000 | 
| commit | 9fac561399144d4b9b1c8d7c29bbf82643f25d2d (patch) | |
| tree | c8cf33fbba8e89196d7b76aaad95b8d1b69cdc70 /ext/sqlite/sqlite.c | |
| parent | cc4a1783452b817164f1e75de627368c5470e660 (diff) | |
| download | php-git-9fac561399144d4b9b1c8d7c29bbf82643f25d2d.tar.gz | |
Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.
Diffstat (limited to 'ext/sqlite/sqlite.c')
| -rw-r--r-- | ext/sqlite/sqlite.c | 4 | 
1 files changed, 2 insertions, 2 deletions
| diff --git a/ext/sqlite/sqlite.c b/ext/sqlite/sqlite.c index 4c1b3f11b1..db0dab40ba 100644 --- a/ext/sqlite/sqlite.c +++ b/ext/sqlite/sqlite.c @@ -2499,7 +2499,7 @@ PHP_FUNCTION(sqlite_array_query)  		return;  	} -	rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); +	rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));  	sqlite_query(NULL, db, sql, sql_len, (int)mode, 0, NULL, &rres, NULL TSRMLS_CC);  	if (db->last_err_code != SQLITE_OK) {  		if (rres) { @@ -2615,7 +2615,7 @@ PHP_FUNCTION(sqlite_single_query)  		return;  	} -	rres = (struct php_sqlite_result *)emalloc(sizeof(*rres)); +	rres = (struct php_sqlite_result *)ecalloc(1, sizeof(*rres));  	sqlite_query(NULL, db, sql, sql_len, PHPSQLITE_NUM, 0, NULL, &rres, NULL TSRMLS_CC);  	if (db->last_err_code != SQLITE_OK) {  		if (rres) { | 
