From 2a1aa8cac53006a987ff1bb7f5c43279c6f62564 Mon Sep 17 00:00:00 2001 From: Saki Takamachi Date: Sat, 20 Apr 2024 22:33:25 +0900 Subject: [PATCH] Fix GH-13998: Manage refcount of agg_context->val correctly (#14004) When step_callback fails, agg_context->val is passed dtor, but agg_context->val is also used in final_callback regardless of the success/failure of step_callback, so should not call dtor. closes #14004 fixes #13998 --- NEWS | 2 ++ ext/pdo_sqlite/sqlite_driver.c | 1 - ext/pdo_sqlite/tests/gh13998.phpt | 25 +++++++++++++++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 ext/pdo_sqlite/tests/gh13998.phpt diff --git a/NEWS b/NEWS index 0cc2d50baf2..4b1a4aa8fe8 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,8 @@ PHP NEWS - PDO SQLite: . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi) + . Fix GH-13998 (Manage refcount of agg_context->val correctly). + (Saki Takamachi) - Phar: . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c index 2f494c2ddb8..03b212bf75c 100644 --- a/ext/pdo_sqlite/sqlite_driver.c +++ b/ext/pdo_sqlite/sqlite_driver.c @@ -441,7 +441,6 @@ static int do_callback(struct pdo_sqlite_fci *fc, zval *cb, * the context */ if (agg_context) { if (Z_ISUNDEF(retval)) { - zval_ptr_dtor(&agg_context->val); return FAILURE; } zval_ptr_dtor(Z_REFVAL(agg_context->val)); diff --git a/ext/pdo_sqlite/tests/gh13998.phpt b/ext/pdo_sqlite/tests/gh13998.phpt new file mode 100644 index 00000000000..c87b4acdd21 --- /dev/null +++ b/ext/pdo_sqlite/tests/gh13998.phpt @@ -0,0 +1,25 @@ +--TEST-- +Fix GH-13998: Manage refcount of agg_context->val correctly +--EXTENSIONS-- +pdo_sqlite +--FILE-- +query('CREATE TABLE test (a int, b int)'); +$stmt = $db->query('INSERT INTO test VALUES (1, 1), (2, 2), (3, 3)'); +$db->sqliteCreateAggregate('S', $step, $finalize, 1); + +try { + $db->query('SELECT S(a) FROM test'); +} catch (Exception $e) { + echo 'done!'; +} +?> +--EXPECT-- +done!