Implement NUL byte checks for dbnames

Since we're passing these parameter to C functions accepting `char*`
without any further checking, we should reject strings with NUL bytes
in the first place.

Author: cmb69

ext/sqlite3/sqlite3.c

@@ -1300,6 +1300,11 @@ PHP_METHOD(sqlite3, openBlob)
 		return;
 	}
 
+	if (ZEND_NUM_ARGS() >= 4 && CHECK_NULL_PATH(dbname, dbname_len)) {
+		zend_value_error("dbname must not contain NUL bytes");
+		return;
+	}
+
 	sqlite_flags = (flags & SQLITE_OPEN_READWRITE) ? 1 : 0;
 
 	if (sqlite3_blob_open(db_obj->db, dbname, table, column, rowid, sqlite_flags, &blob) != SQLITE_OK) {
@@ -1368,6 +1373,13 @@ PHP_METHOD(sqlite3, backup)
 		return;
 	}
 
+	if ((ZEND_NUM_ARGS() >= 2 && CHECK_NULL_PATH(source_dbname, source_dbname_length))
+		|| (ZEND_NUM_ARGS() >= 3 && CHECK_NULL_PATH(destination_dbname, destination_dbname_length))
+	) {
+		zend_value_error("dbname must not contain NUL bytes");
+		return;
+	}
+
 	destination_obj = Z_SQLITE3_DB_P(destination_zval);
 
 	SQLITE3_CHECK_INITIALIZED(destination_obj, destination_obj->initialised, SQLite3)