
Patch bug66283_oom_during_cleanup_mitigation.diff for MySQLi related Bug #66283

Patch version 2014-01-09 18:13 UTC


Developer: johannes@php.net

diff --git a/ext/mysqlnd/mysqlnd_result.c b/ext/mysqlnd/mysqlnd_result.c
index 4d9c655..67805e1 100644
--- a/ext/mysqlnd/mysqlnd_result.c
+++ b/ext/mysqlnd/mysqlnd_result.c
@@ -187,9 +187,11 @@ MYSQLND_METHOD(mysqlnd_res, free_buffered_data)(MYSQLND_RES * result TSRMLS_DC)
 	if (set->data) {
 		unsigned int copy_on_write_performed = 0;
 		unsigned int copy_on_write_saved = 0;
+		zval **data = set->data;
+		set->data = NULL; /* prevent double free if following loop is interrupted */
 
 		for (row = set->row_count - 1; row >= 0; row--) {
-			zval **current_row = set->data + row * field_count;
+			zval **current_row = data + row * field_count;
 			MYSQLND_MEMORY_POOL_CHUNK *current_buffer = set->row_buffers[row];
 			int64_t col;
 
@@ -211,8 +213,7 @@ MYSQLND_METHOD(mysqlnd_res, free_buffered_data)(MYSQLND_RES * result TSRMLS_DC)
 
 		MYSQLND_INC_GLOBAL_STATISTIC_W_VALUE2(STAT_COPY_ON_WRITE_PERFORMED, copy_on_write_performed,
 											  STAT_COPY_ON_WRITE_SAVED, copy_on_write_saved);
-		mnd_efree(set->data);
-		set->data = NULL;
+		mnd_efree(data);
 	}
 
 	if (set->row_buffers) {
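Review bot: Only `set->data` gets the detach-before-free treatment; `set->row_buffers` and `set->row_count` stay live while the loop runs, so if the loop is interrupted a second call skips the `if (set->data)` block and goes straight to the `if (set->row_buffers)` block that starts on the last line of this hunk. The rows the loop never reached would then have their buffers released without their zvals having been destructed, and the detached `data` array, now reachable only through the local added in the first hunk, is not freed on that path. Whether this is safe depends on the body of the `row_buffers` block and on the allocator behind `mnd_efree`, neither of which is visible here, so the trade-off should be stated next to the assignment, e.g. `/* if the loop is interrupted, data and the remaining zvals are not freed here; row_buffers is still released on re-entry */`. If that second path is not safe, `row_buffers` needs the same snapshot-and-clear pattern before the loop.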
 