sqlite_escape_string may return a random string

Bug #29395	sqlite_escape_string may return a random string
Submitted:	2004-07-26 21:18 UTC	Modified:	2004-07-27 19:35 UTC
From:	thecwin at gmail dot com	Assigned:
Status:	Closed	Package:	SQLite related
PHP Version:	5CVS-2004-07-26 (dev)	OS:	XP Home and Slackware Linux
Private report:	No	CVE-ID:	None

[2004-07-26 21:18 UTC] thecwin at gmail dot com

Description:
------------
http://cwin.dotgeek.org/mem.php
http://cwin.redirectme.net/mem.php

If an empty string like "" is passed to a function as an argument which then passes the argument to sqlite_escape_string($arg), the returned value will be random garbage. The returned value may contain words or useless data. It looks like its reading random memory.

Similar to bug 29339, but does *not* work when passing an empty string created in the function from which it is calling sqlite_escape_string

Reproduce code:
---------------
http://cwin.redirectme.net/mem.phps

This is affected: 
<?php 
function escapeSimple($str) { 
   return @sqlite_escape_string($str); 
} 
echo escapeSimple(""); 

?> 

whereas this is not:
<?php
echo sqlite_escape_string("");
?>

Expected result:
----------------
It should return/print nothing.

Actual result:
--------------
(Possibly) random characters.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-07-27 19:35 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.