From ab368bbe9b444bd39796faa8e2c2beca47abffd0 Mon Sep 17 00:00:00 2001
From: ndossche <7771979+ndossche@users.noreply.github.com>
Date: Tue, 12 May 2026 20:52:26 +0200
Subject: [PATCH] sqlite3: fix internal return type violation in escapeString()

If this call fails due to an internal libsqlite3 error, then the
function will return NULL (as that's the default value set by the VM).
However, the function is marked with a non-nullable string return type.
Therefore this will result in a type violation and a fatal error in
debug mode.
Either we solve it by making the function nullable or throw.
I chose the latter as it is less of a footgun.
---
 ext/sqlite3/sqlite3.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 100cf32680e9..0238ad2af613 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -494,6 +494,9 @@ PHP_METHOD(SQLite3, escapeString)
 		if (ret) {
 			RETVAL_STRING(ret);
 			sqlite3_free(ret);
+		} else {
+			zend_throw_exception_ex(php_sqlite3_exception_ce, 0, "Unable to escape string");
+			RETURN_THROWS();
 		}
 	} else {
 		RETURN_EMPTY_STRING();