mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-28 12:26:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed

Browse Source 
Each new mysqli_stmt now increase the refcount of the link object.
So the link is really destroy after all statements.

Only implemented with libmysqlclient, as mysqlnd already implement
this internally.

So, libmysqlclient and mysqlnd have the same behavior.
This commit is contained in:
Remi Collet 2014-02-27 08:45:16 +01:00
parent bd961f3e87
commit 9137acc7ec
3 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ext/mysqli/mysqli.c
View File

@ -176,8 +176,11 @@ void php_clear_stmt_bind(MY_STMT *stmt TSRMLS_DC)
php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE); php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
/* Clean output bind */ /* Clean output bind */
php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT); php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
#endif
if (stmt->link_handle) {
zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC);
}
#endif
if (stmt->query) { if (stmt->query) {
efree(stmt->query); efree(stmt->query);
} }
@ -1055,6 +1058,10 @@ PHP_FUNCTION(mysqli_stmt_construct)
efree(stmt); efree(stmt);
RETURN_FALSE; RETURN_FALSE;
} }
#ifndef MYSQLI_USE_MYSQLND
stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)stmt; mysqli_resource->ptr = (void *)stmt;

8
ext/mysqli/mysqli_api.c
View File

@ -1840,6 +1840,10 @@ PHP_FUNCTION(mysqli_prepare)
efree(stmt); efree(stmt);
RETURN_FALSE; RETURN_FALSE;
} }
#ifndef MYSQLI_USE_MYSQLND
stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)stmt; mysqli_resource->ptr = (void *)stmt;
@ -2368,6 +2372,10 @@ PHP_FUNCTION(mysqli_stmt_init)
efree(stmt); efree(stmt);
RETURN_FALSE; RETURN_FALSE;
} }
#ifndef MYSQLI_USE_MYSQLND
stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->status = MYSQLI_STATUS_INITIALIZED; mysqli_resource->status = MYSQLI_STATUS_INITIALIZED;

4
ext/mysqli/php_mysqli_structs.h
View File

@ -116,6 +116,10 @@ typedef struct {
BIND_BUFFER param; BIND_BUFFER param;
BIND_BUFFER result; BIND_BUFFER result;
char *query; char *query;
#ifndef MYSQLI_USE_MYSQLND
/* used to manage refcount with libmysql (already implement in mysqlnd) */
zend_object_handle link_handle;
#endif
} MY_STMT; } MY_STMT;
typedef struct { typedef struct {