Fix #79294: ::columnType() may fail after SQLite3Stmt::reset()

cmb69 · cmb69 · commit f133f0024ec8 · 2020-02-21T13:36:29.000+01:00
The fix for feature request #53466 did not properly handle resetting of the corresponding statement; the problem with this is that the statement does not know about its result sets. But even if we could fix this, the `complete` handling still appears to be brittle, since the `sqlite3_column_type()`docs[1] state: | If the SQL statement does not currently point to a valid row, or if | the column index is out of range, the result is undefined. Fortunately, we can use `sqlite3_data_count()` instead, since[2]: | If prepared statement P does not have results ready to return (via | calls to the sqlite3_column() family of interfaces) then | sqlite3_data_count(P) returns 0. Thus, we guard `SQLite3::columnType()` with `sqlite3_data_count()`, and completely drop updating the `php_sqlite3_result_object.complete` field, but keep it for ABI BC purposes. [1] <https://www.sqlite.org/c3ref/column_blob.html> [2] <https://www.sqlite.org/c3ref/data_count.html>
diff --git a/NEWS b/NEWS
@@ -21,6 +21,9 @@ PHP                                                                        NEWS
 - PDO_ODBC:
   . Fixed bug #79038 (PDOStatement::nextRowset() leaks column values). (cmb)
 
+- SQLite3:
+  . Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()). (cmb)
+
 - Standard:
   . Fixed bug #79254 (getenv() w/o arguments not showing changes). (cmb)
 
diff --git a/ext/sqlite3/php_sqlite3_structs.h b/ext/sqlite3/php_sqlite3_structs.h
@@ -108,7 +108,7 @@ struct _php_sqlite3_result_object  {
 	zval stmt_obj_zval;
 
 	int is_prepared_statement;
-	int complete;
+	int complete; // unused
 	zend_object zo;
 };
 
diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
@@ -1786,7 +1786,7 @@ PHP_METHOD(sqlite3result, columnType)
 		return;
 	}
 
-	if (result_obj->complete) {
+	if (!sqlite3_data_count(result_obj->stmt_obj->stmt)) {
 		RETURN_FALSE;
 	}
 
@@ -1841,7 +1841,6 @@ PHP_METHOD(sqlite3result, fetchArray)
 			break;
 
 		case SQLITE_DONE:
-			result_obj->complete = 1;
 			RETURN_FALSE;
 			break;
 
@@ -1869,8 +1868,6 @@ PHP_METHOD(sqlite3result, reset)
 		RETURN_FALSE;
 	}
 
-	result_obj->complete = 0;
-
 	RETURN_TRUE;
 }
 /* }}} */
diff --git a/ext/sqlite3/tests/bug79294.phpt b/ext/sqlite3/tests/bug79294.phpt
@@ -0,0 +1,34 @@
+--TEST--
+Bug #79294 ()::columnType() may fail after SQLite3Stmt::reset())
+--SKIPIF--
+<?php
+if (!extension_loaded('sqlite3')) die('sqlite3 extension not available');
+?>
+--FILE--
+<?php
+$db = new SQLite3(':memory:');
+$db->exec("CREATE TABLE foo (bar INT)");
+$db->exec("INSERT INTO foo VALUES (1)");
+
+$stmt = $db->prepare("SELECT * FROM foo");
+$res = $stmt->execute();
+var_dump($res->fetchArray() !== false);
+var_dump($res->columnType(0));
+var_dump($res->fetchArray() !== false);
+var_dump($res->columnType(0));
+$stmt->reset();
+var_dump($res->fetchArray() !== false);
+var_dump($res->columnType(0));
+$res->reset();
+var_dump($res->fetchArray() !== false);
+var_dump($res->columnType(0));
+?>
+--EXPECT--
+bool(true)
+int(1)
+bool(false)
+bool(false)
+bool(true)
+int(1)
+bool(true)
+int(1)

Original file line number	Diff line number	Diff line change
`@@ -1786,7 +1786,7 @@ PHP_METHOD(sqlite3result, columnType)`
`1786`	`1786`	`return;`
`1787`	`1787`	`}`
`1788`	`1788`
`1789`		`- if (result_obj->complete) {`
	`1789`	`+ if (!sqlite3_data_count(result_obj->stmt_obj->stmt)) {`
`1790`	`1790`	`RETURN_FALSE;`
`1791`	`1791`	`}`
`1792`	`1792`
`@@ -1841,7 +1841,6 @@ PHP_METHOD(sqlite3result, fetchArray)`
`1841`	`1841`	`break;`
`1842`	`1842`
`1843`	`1843`	`case SQLITE_DONE:`
`1844`		`- result_obj->complete = 1;`
`1845`	`1844`	`RETURN_FALSE;`
`1846`	`1845`	`break;`
`1847`	`1846`
`@@ -1869,8 +1868,6 @@ PHP_METHOD(sqlite3result, reset)`
`1869`	`1868`	`RETURN_FALSE;`
`1870`	`1869`	`}`
`1871`	`1870`
`1872`		`- result_obj->complete = 0;`
`1873`		`-`
`1874`	`1871`	`RETURN_TRUE;`
`1875`	`1872`	`}`
`1876`	`1873`	`/* }}} */`