From a5f6f69c0bcbef1722ff1aca7df636c18533dd73 Mon Sep 17 00:00:00 2001
From: Gregory Oschwald <goschwald@maxmind.com>
Date: Thu, 23 Jan 2025 15:06:24 -0800
Subject: [PATCH 1/3] Check MMDB_get_metadata_as_entry_data_list return value

---
 CHANGELOG.md    |  2 ++
 ext/maxminddb.c | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40d89d4..3b9d2b5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ CHANGELOG
 * Improve the error handling when the user tries to open a directory
   with the pure PHP reader.
 * Improve the typehints on arrays in the PHPDocs.
+* The C extension now checks that the database metadata lookup was
+  successful.
 
 1.11.1 (2023-12-01)
 -------------------
diff --git a/ext/maxminddb.c b/ext/maxminddb.c
index 20e2bbf..b4e078b 100644
--- a/ext/maxminddb.c
+++ b/ext/maxminddb.c
@@ -336,7 +336,15 @@ PHP_METHOD(MaxMind_Db_Reader, metadata) {
     object_init_ex(return_value, metadata_ce);
 
     MMDB_entry_data_list_s *entry_data_list;
-    MMDB_get_metadata_as_entry_data_list(mmdb_obj->mmdb, &entry_data_list);
+    int status =
+        MMDB_get_metadata_as_entry_data_list(mmdb_obj->mmdb, &entry_data_list);
+    if (status != MMDB_SUCCESS) {
+        zend_throw_exception_ex(maxminddb_exception_ce,
+                                0 TSRMLS_CC,
+                                "Error while decoding metadata. %s",
+                                MMDB_strerror(status));
+        return;
+    }
 
     zval metadata_array;
     const MMDB_entry_data_list_s *rv =

From 1b2eed257bdcfd3c75c21e630ec5f0171db91315 Mon Sep 17 00:00:00 2001
From: Gregory Oschwald <goschwald@maxmind.com>
Date: Thu, 23 Jan 2025 15:17:05 -0800
Subject: [PATCH 2/3] Add empty permission blocks

As requested by zizmor.
---
 .github/workflows/clang-addresssanitizer.yml | 2 ++
 .github/workflows/clang-analyzer.yml         | 2 ++
 .github/workflows/lint.yml                   | 2 ++
 .github/workflows/test.yml                   | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/.github/workflows/clang-addresssanitizer.yml b/.github/workflows/clang-addresssanitizer.yml
index 2d89681..5ab574f 100644
--- a/.github/workflows/clang-addresssanitizer.yml
+++ b/.github/workflows/clang-addresssanitizer.yml
@@ -6,6 +6,8 @@ on:
   schedule:
     - cron: '53 3 * * SUN'
 
+permissions: {}
+
 jobs:
   addresssanitizer:
     name: Clang AddressSanitizer
diff --git a/.github/workflows/clang-analyzer.yml b/.github/workflows/clang-analyzer.yml
index e6a6dec..02fa5bd 100644
--- a/.github/workflows/clang-analyzer.yml
+++ b/.github/workflows/clang-analyzer.yml
@@ -6,6 +6,8 @@ on:
   schedule:
     - cron: '45 3 * * SUN'
 
+permissions: {}
+
 jobs:
   run:
     name: "Clang Static Analysis"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 7e28f1c..9caf243 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,6 +6,8 @@ on:
   schedule:
     - cron: '45 3 * * SUN'
 
+permissions: {}
+
 jobs:
   run:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 110e23d..ce71c02 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,8 @@ on:
   schedule:
     - cron: '45 3 * * SUN'
 
+permissions: {}
+
 jobs:
   run:
     runs-on: ${{ matrix.operating-system }}

From 4501f2088d35b3d0bbb860b4b8ed6e7854fff10a Mon Sep 17 00:00:00 2001
From: Gregory Oschwald <goschwald@maxmind.com>
Date: Mon, 27 Jan 2025 09:47:03 -0800
Subject: [PATCH 3/3] Create new version section

---
 CHANGELOG.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3b9d2b5..c8c147b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,14 +1,18 @@
 CHANGELOG
 =========
 
+1.12.1
+-------------------
+
+* The C extension now checks that the database metadata lookup was
+  successful.
+
 1.12.0 (2024-11-14)
 -------------------
 
 * Improve the error handling when the user tries to open a directory
   with the pure PHP reader.
 * Improve the typehints on arrays in the PHPDocs.
-* The C extension now checks that the database metadata lookup was
-  successful.
 
 1.11.1 (2023-12-01)
 -------------------