From cde32beadeee04c16d8607266ea7586078fbc9df Mon Sep 17 00:00:00 2001
From: Nora Dossche <7771979+ndossche@users.noreply.github.com>
Date: Fri, 15 May 2026 12:05:10 +0200
Subject: [PATCH] sqlite3: fix internal return type violation in escapeString()
 (#22026)

If this call fails due to an internal libsqlite3 error, then the
function will return NULL (as that's the default value set by the VM).
However, the function is marked with a non-nullable string return type.
Therefore this will result in a type violation and a fatal error in
debug mode.
Either we solve it by making the function nullable or throw.
I chose the latter as it is less of a footgun.
---
 ext/sqlite3/sqlite3.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ext/sqlite3/sqlite3.c b/ext/sqlite3/sqlite3.c
index 8b69eca42061..d257703f17ac 100644
--- a/ext/sqlite3/sqlite3.c
+++ b/ext/sqlite3/sqlite3.c
@@ -478,6 +478,9 @@ PHP_METHOD(SQLite3, escapeString)
 		if (ret) {
 			RETVAL_STRING(ret);
 			sqlite3_free(ret);
+		} else {
+			zend_throw_exception_ex(php_sqlite3_exception_ce, 0, "Unable to escape string");
+			RETURN_THROWS();
 		}
 	} else {
 		RETURN_EMPTY_STRING();