From 67bd3c678a32fad23e614a159acfc2e44ec8e3b4 Mon Sep 17 00:00:00 2001
From: kewde <kewde@particl.io>
Date: Fri, 30 May 2025 12:33:02 +0200
Subject: [PATCH 1/2] fix: potential null pointer dereference in Blob
 constructor

---
 src/statement.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/statement.h b/src/statement.h
index c522c0fd..c2504164 100644
--- a/src/statement.h
+++ b/src/statement.h
@@ -57,7 +57,9 @@ namespace Values {
                 Field(_name, SQLITE_BLOB), length(len) {
             value = new char[len];
             assert(value != nullptr);
-            memcpy(value, val, len);
+            if (val != nullptr) {
+                memcpy(value, val, len);
+            }
         }
         inline virtual ~Blob() override {
             delete[] value;

From 60a20e1cf4699fae304f2b8c67aa83f15ea00495 Mon Sep 17 00:00:00 2001
From: kewde <kewde@particl.io>
Date: Fri, 30 May 2025 12:44:49 +0200
Subject: [PATCH 2/2] fix: add test case for empty blob

---
 test/blob.test.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/test/blob.test.js b/test/blob.test.js
index 5c2b0d85..6a08770a 100644
--- a/test/blob.test.js
+++ b/test/blob.test.js
@@ -51,4 +51,18 @@ describe('blob', function() {
             done();
         });
     });
+
+    it('should be able to select empty blobs', function(done) {
+        const empty = new sqlite3.Database(':memory:');
+        empty.serialize(function() {
+            empty.run("CREATE TABLE files (id INTEGER PRIMARY KEY, data BLOB)");
+            empty.run("INSERT INTO files (data) VALUES (X'')");
+        });
+        empty.get("SELECT data FROM files LIMIT 1", (err, row) => {
+            if (err) throw err;
+            assert.ok(Buffer.isBuffer(row.data));
+            assert.equal(row.data.length, 0);
+            empty.close(done);
+        });
+    })
 });