Description
Several calls to sqlite3_reset and sqlite3_finalize are unchecked.
Some calls to sqlite3_reset are checked and then the value is returned to the user:
|
if (sqlite3_reset(stmt_obj->stmt) != SQLITE_OK) { |
|
php_sqlite3_error(stmt_obj->db_obj, sqlite3_errcode(sqlite3_db_handle(stmt_obj->stmt)), "Unable to reset statement: %s", sqlite3_errmsg(sqlite3_db_handle(stmt_obj->stmt))); |
|
RETURN_FALSE; |
|
} |
|
if (sqlite3_reset(result_obj->stmt_obj->stmt) != SQLITE_OK) { |
|
RETURN_FALSE; |
|
} |
Note however an inconsistency between these two: one of them throw/warns and the other one doesn't. This likely needs to be made consistent.
It's probably best if the calls to sqlite3_reset and sqlite3_finalize are checked consistently everywhere.
Note: found by a static-dynamic hybrid analyzer I'm developing.
PHP Version
Operating System
N/A
Description
Several calls to
sqlite3_resetandsqlite3_finalizeare unchecked.Some calls to
sqlite3_resetare checked and then the value is returned to the user:php-src/ext/sqlite3/sqlite3.c
Lines 1414 to 1417 in cde32be
php-src/ext/sqlite3/sqlite3.c
Lines 2101 to 2103 in cde32be
Note however an inconsistency between these two: one of them throw/warns and the other one doesn't. This likely needs to be made consistent.
It's probably best if the calls to
sqlite3_resetandsqlite3_finalizeare checked consistently everywhere.Note: found by a static-dynamic hybrid analyzer I'm developing.
PHP Version
Operating System
N/A