sqlite3: Fix double execution of queries when fetchArray is called

maaarghk · maaarghk · commit 9126634f2686 · 2022-07-06T22:41:56.000+01:00
Introduces a flag which indicates to the fetch function that there is data from a previous call to sqlite3_step that has not yet been surfaced to the running script. When the flag is set, a round of calling sqlite3_step will be skipped. Closes 64531. <https://bugs.php.net/bug.php?id=64531>
diff --git a/ext/sqlite3/php_sqlite3_structs.h b/ext/sqlite3/php_sqlite3_structs.h
@@ -133,6 +133,9 @@ struct _php_sqlite3_stmt_object  {
 	/* Keep track of the zvals for bound parameters */
 	HashTable *bound_params;
 	zend_object zo;
+
+	/* Set when the sqlite3_step(stmt) has been called but no result has been read */
+	int pending_step_return_code;
 };
 
 static inline php_sqlite3_stmt *php_sqlite3_stmt_from_obj(zend_object *obj) {
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
@@ -517,6 +517,7 @@ PHP_METHOD(SQLite3, prepare)
 	object_init_ex(return_value, php_sqlite3_stmt_entry);
 	stmt_obj = Z_SQLITE3_STMT_P(return_value);
 	stmt_obj->db_obj = db_obj;
+	stmt_obj->pending_step_return_code = -1;
 	ZVAL_OBJ_COPY(&stmt_obj->db_obj_zval, Z_OBJ_P(object));
 
 	errcode = sqlite3_prepare_v2(db_obj->db, ZSTR_VAL(sql), ZSTR_LEN(sql), &(stmt_obj->stmt), NULL);
@@ -571,6 +572,7 @@ PHP_METHOD(SQLite3, query)
 	object_init_ex(&stmt, php_sqlite3_stmt_entry);
 	stmt_obj = Z_SQLITE3_STMT_P(&stmt);
 	stmt_obj->db_obj = db_obj;
+	stmt_obj->pending_step_return_code = -1;
 	ZVAL_OBJ_COPY(&stmt_obj->db_obj_zval, Z_OBJ_P(object));
 
 	return_code = sqlite3_prepare_v2(db_obj->db, ZSTR_VAL(sql), ZSTR_LEN(sql), &(stmt_obj->stmt), NULL);
@@ -591,17 +593,19 @@ PHP_METHOD(SQLite3, query)
 	ZVAL_OBJ(&result->stmt_obj_zval, Z_OBJ(stmt));
 
 	return_code = sqlite3_step(result->stmt_obj->stmt);
+	stmt_obj->pending_step_return_code = return_code;
 
 	switch (return_code) {
-		case SQLITE_ROW: /* Valid Row */
 		case SQLITE_DONE: /* Valid but no results */
+			sqlite3_reset(stmt_obj->stmt);
+			ZEND_FALLTHROUGH;
+		case SQLITE_ROW: /* Valid Row */
 		{
 			php_sqlite3_free_list *free_item;
 			free_item = emalloc(sizeof(php_sqlite3_free_list));
 			free_item->stmt_obj = stmt_obj;
 			free_item->stmt_obj_zval = stmt;
 			zend_llist_add_element(&(db_obj->free_list), &free_item);
-			sqlite3_reset(result->stmt_obj->stmt);
 			break;
 		}
 		default:
@@ -1436,6 +1440,9 @@ PHP_METHOD(SQLite3Stmt, reset)
 		php_sqlite3_error(stmt_obj->db_obj, "Unable to reset statement: %s", sqlite3_errmsg(sqlite3_db_handle(stmt_obj->stmt)));
 		RETURN_FALSE;
 	}
+
+	stmt_obj->pending_step_return_code = -1;
+
 	RETURN_TRUE;
 }
 /* }}} */
@@ -1457,6 +1464,8 @@ PHP_METHOD(SQLite3Stmt, clear)
 		RETURN_FALSE;
 	}
 
+	stmt_obj->pending_step_return_code = -1;
+
 	if (stmt_obj->bound_params) {
 		zend_hash_destroy(stmt_obj->bound_params);
 		FREE_HASHTABLE(stmt_obj->bound_params);
@@ -1787,7 +1796,6 @@ PHP_METHOD(SQLite3Stmt, execute)
 		case SQLITE_ROW: /* Valid Row */
 		case SQLITE_DONE: /* Valid but no results */
 		{
-			sqlite3_reset(stmt_obj->stmt);
 			object_init_ex(return_value, php_sqlite3_result_entry);
 			result = Z_SQLITE3_RESULT_P(return_value);
 
@@ -1796,6 +1804,7 @@ PHP_METHOD(SQLite3Stmt, execute)
 			result->stmt_obj = stmt_obj;
 			result->column_names = NULL;
 			result->column_count = -1;
+			stmt_obj->pending_step_return_code = return_code;
 			ZVAL_OBJ_COPY(&result->stmt_obj_zval, Z_OBJ_P(object));
 
 			break;
@@ -1941,7 +1950,16 @@ PHP_METHOD(SQLite3Result, fetchArray)
 
 	SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result)
 
-	ret = sqlite3_step(result_obj->stmt_obj->stmt);
+	if (result_obj->stmt_obj->pending_step_return_code != -1) {
+		// The SQLite3Result object has just been initialised by SQLite3::query
+		// or SQLite3Stmt::execute, and the first step has already been run.
+		// For this iteration of fetchArray, skip calling sqlite3_step.
+		ret = result_obj->stmt_obj->pending_step_return_code;
+	} else {
+		ret = sqlite3_step(result_obj->stmt_obj->stmt);
+	}
+	result_obj->stmt_obj->pending_step_return_code = -1;
+
 	switch (ret) {
 		case SQLITE_ROW:
 			/* If there was no return value then just skip fetching */
@@ -2020,6 +2038,7 @@ PHP_METHOD(SQLite3Result, reset)
 	SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result)
 
 	sqlite3result_clear_column_names_cache(result_obj);
+	result_obj->stmt_obj->pending_step_return_code = -1;
 
 	if (sqlite3_reset(result_obj->stmt_obj->stmt) != SQLITE_OK) {
 		RETURN_FALSE;
@@ -2041,6 +2060,7 @@ PHP_METHOD(SQLite3Result, finalize)
 	SQLITE3_CHECK_INITIALIZED(result_obj->db_obj, result_obj->stmt_obj->initialised, SQLite3Result)
 
 	sqlite3result_clear_column_names_cache(result_obj);
+	result_obj->stmt_obj->pending_step_return_code = -1;
 
 	/* We need to finalize an internal statement */
 	if (result_obj->is_prepared_statement == 0) {
@@ -2271,10 +2291,6 @@ static void php_sqlite3_result_object_free_storage(zend_object *object) /* {{{ *
 	sqlite3result_clear_column_names_cache(intern);
 
 	if (!Z_ISNULL(intern->stmt_obj_zval)) {
-		if (intern->stmt_obj && intern->stmt_obj->initialised) {
-			sqlite3_reset(intern->stmt_obj->stmt);
-		}
-
 		zval_ptr_dtor(&intern->stmt_obj_zval);
 	}
 
diff --git a/ext/sqlite3/tests/bug64531-fetch-array-duplicate-execution.phpt b/ext/sqlite3/tests/bug64531-fetch-array-duplicate-execution.phpt
@@ -0,0 +1,221 @@
+--TEST--
+Bug 64531 - SQLite3Result::fetchArray executes the query again
+--EXTENSIONS--
+sqlite3
+--FILE--
+<?php
+
+require_once(__DIR__ . '/new_db.inc');
+
+// Register two SQLite functions which call back to PHP -
+echo "Register call counter function\n";
+
+// "RECOGNISE(x)" returns x and increments a global counter of times x has been
+// seen by the function.
+function recognise(mixed $value) : mixed
+{
+    $GLOBALS['seen'][$value] = ($GLOBALS['seen'][$value] ?? 0) + 1;
+    return $value;
+};
+
+// "RECOGNISED(x)" returns how many times x has been seen by RECOGNISE.
+function recognised(mixed $value) : mixed
+{
+    return $GLOBALS['seen'][$value];
+}
+
+$db->createFunction('RECOGNISE', 'recognise');
+$db->createFunction('RECOGNISED', 'recognised');
+
+echo "Create table\n\n";
+// RECOGNISED(RECOGNISE(x)) should just return 1, 2, 3 for x, x, x if
+// everything is going as expected, or 1, 1, 1 for x, y, z.
+$db->exec('CREATE TABLE letters (id INTEGER PRIMARY KEY, letter STRING, recognised_on_insert INTEGER)');
+
+echo "Testing SQLite3Result behaviour on INSERT (no result set) when created using SQLite3Stmt->execute\n";
+// The RECOGNISE function is called to generate the data before it is written,
+// so this should look like VALUES ('a', 1), ('b', 1).
+$stmt = $db->prepare('INSERT INTO letters (letter, recognised_on_insert) VALUES (:letter, RECOGNISED(RECOGNISE(:letter)))');
+
+function checkInsertResult(SQLite3Result $result, $letter)
+{
+    printf("'%s' is inserted and has been seen %d times so far.\n", $letter, recognised($letter));
+    printf("calling fetchArray on the INSERT statement result.\n");
+    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
+        printf("unexpected: a result came back.\n");
+        var_dump($row);
+    }
+    $check = recognised($letter);
+    printf(
+        "After calling fetch, '%s' has been seen %d times - %s.\n",
+        $letter, $check, $check === 1 ? "OK" : "NOT OK"
+    );
+    printf("calling fetchArray again - this will re-execute (see 79293).\n");
+    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
+        printf("unexpected: a result came back.\n");
+        var_dump($row);
+    }
+    $check = recognised($letter);
+    printf(
+        "After calling fetch, '%s' has been seen %d times - %s.\n",
+        $letter, $check, $check === 2 ? "OK" : "NOT OK"
+    );
+}
+
+function checkSelectResult(SQLite3Result $result)
+{
+    echo "Query executed, doing fetch\n";
+    while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
+        printf(
+            "letter '%s' was inserted with ID %2.d which has been seen %d times. The letter has now been seen %d times.\n",
+            $row['letter'],
+            $row['id'],
+            $row['id_recognised'],
+            $row['letter_recognised']
+        );
+    }
+}
+
+foreach (str_split("abc") as $letter) {
+    $stmt->bindValue(":letter", $letter);
+    $result = $stmt->execute();
+    checkInsertResult($result, $letter);
+}
+
+echo "\nTesting SQLite3Result behaviour on INSERT (no result set) when created using SQLite3->query\n";
+foreach (str_split("ABC") as $letter) {
+    $result = $db->query("INSERT INTO letters (letter, recognised_on_insert) VALUES ('$letter', RECOGNISED(RECOGNISE('$letter')))");
+    checkInsertResult($result, $letter);
+}
+
+// Because we've run insert twice per letter above due to 79293, we now expect
+// the DB to have (a, a, b, b, c, c, A, A, B, B, C, C). Let's check!
+echo "\nTesting SQLite3Result behaviour on SELECT when created using SQLite3Stmt->execute\n";
+$stmt = $db->prepare(<<<SQL
+    SELECT
+        id,
+        RECOGNISE(letter) as letter,
+        RECOGNISED(id) AS id_recognised,
+        RECOGNISED(letter) as letter_recognised
+    FROM letters
+    WHERE id = RECOGNISE(?)
+SQL);
+for ($i = 1; $i <= 6; $i++) {
+    $stmt->bindValue(1, $i);
+    $result = $stmt->execute();
+    checkSelectResult($result);
+}
+
+echo "\nTesting SQLite3Result behaviour on SELECT when created using SQLite3->query\n";
+for ($i = 7; $i <= 12; $i++) {
+    $result = $db->query(<<<"SQL"
+        SELECT
+            id,
+            RECOGNISE(letter) as letter,
+            RECOGNISED(id) AS id_recognised,
+            RECOGNISED(letter) as letter_recognised
+        FROM letters
+        WHERE id = RECOGNISE($i)
+SQL);
+    checkSelectResult($result);
+}
+
+echo "Final result\n\n";
+
+foreach ($GLOBALS['seen'] as $key => $value) {
+    printf("%s | %3.d\n", $key, $value);
+}
+
+echo "Closing database\n";
+
+var_dump($db->close());
+echo "Done\n";
+?>
+--EXPECT--
+Register call counter function
+Create table
+
+Testing SQLite3Result behaviour on INSERT (no result set) when created using SQLite3Stmt->execute
+'a' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'a' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'a' has been seen 2 times - OK.
+'b' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'b' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'b' has been seen 2 times - OK.
+'c' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'c' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'c' has been seen 2 times - OK.
+
+Testing SQLite3Result behaviour on INSERT (no result set) when created using SQLite3->query
+'A' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'A' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'A' has been seen 2 times - OK.
+'B' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'B' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'B' has been seen 2 times - OK.
+'C' is inserted and has been seen 1 times so far.
+calling fetchArray on the INSERT statement result.
+After calling fetch, 'C' has been seen 1 times - OK.
+calling fetchArray again - this will re-execute (see 79293).
+After calling fetch, 'C' has been seen 2 times - OK.
+
+Testing SQLite3Result behaviour on SELECT when created using SQLite3Stmt->execute
+Query executed, doing fetch
+letter 'a' was inserted with ID  1 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'a' was inserted with ID  2 which has been seen 1 times. The letter has now been seen 4 times.
+Query executed, doing fetch
+letter 'b' was inserted with ID  3 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'b' was inserted with ID  4 which has been seen 1 times. The letter has now been seen 4 times.
+Query executed, doing fetch
+letter 'c' was inserted with ID  5 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'c' was inserted with ID  6 which has been seen 1 times. The letter has now been seen 4 times.
+
+Testing SQLite3Result behaviour on SELECT when created using SQLite3->query
+Query executed, doing fetch
+letter 'A' was inserted with ID  7 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'A' was inserted with ID  8 which has been seen 1 times. The letter has now been seen 4 times.
+Query executed, doing fetch
+letter 'B' was inserted with ID  9 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'B' was inserted with ID 10 which has been seen 1 times. The letter has now been seen 4 times.
+Query executed, doing fetch
+letter 'C' was inserted with ID 11 which has been seen 1 times. The letter has now been seen 3 times.
+Query executed, doing fetch
+letter 'C' was inserted with ID 12 which has been seen 1 times. The letter has now been seen 4 times.
+Final result
+
+a |   4
+b |   4
+c |   4
+A |   4
+B |   4
+C |   4
+1 |   1
+2 |   1
+3 |   1
+4 |   1
+5 |   1
+6 |   1
+7 |   1
+8 |   1
+9 |   1
+10 |   1
+11 |   1
+12 |   1
+Closing database
+bool(true)
+Done
