php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #66762
Patch mysqli-protect-link.patch revision 2014-02-25 07:44 UTC by remi@php.net
revision 2014-02-25 07:32 UTC by remi@php.net
revision 2014-02-24 18:21 UTC by remi@php.net
revision 2014-02-24 16:35 UTC by remi@php.net

Patch mysqli-protect-link.patch for MySQLi related Bug #66762

Patch version 2014-02-25 07:44 UTC

Return to Bug #66762 | Download this patch
This patch renders other patches obsolete

Obsolete patches:

Patch Revisions:

Developer: remi@php.net

diff -up ext/mysqli/mysqli_api.c.orig ext/mysqli/mysqli_api.c
--- ext/mysqli/mysqli_api.c.orig	2014-02-05 11:00:36.000000000 +0100
+++ ext/mysqli/mysqli_api.c	2014-02-25 08:16:43.597710792 +0100
@@ -1869,6 +1869,10 @@ PHP_FUNCTION(mysqli_prepare)
 		efree(stmt);
 		RETURN_FALSE;
 	}
+#ifndef MYSQLI_USE_MYSQLND
+	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
 
 	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
 	mysqli_resource->ptr = (void *)stmt;
@@ -2413,6 +2417,10 @@ PHP_FUNCTION(mysqli_stmt_init)
 		efree(stmt);
 		RETURN_FALSE;
 	}
+#ifndef MYSQLI_USE_MYSQLND
+	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
 
 	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
 	mysqli_resource->status = MYSQLI_STATUS_INITIALIZED;
diff -up ext/mysqli/mysqli.c.orig ext/mysqli/mysqli.c
--- ext/mysqli/mysqli.c.orig	2014-02-05 11:00:36.000000000 +0100
+++ ext/mysqli/mysqli.c	2014-02-25 08:21:37.336860837 +0100
@@ -176,8 +176,11 @@ void php_clear_stmt_bind(MY_STMT *stmt T
 	php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
 	/* Clean output bind */
 	php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
-#endif
 
+	if (stmt->link_handle) {
+	    zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC);
+	}
+#endif
 	if (stmt->query) {
 		efree(stmt->query);
 	}
@@ -1069,6 +1072,10 @@ PHP_FUNCTION(mysqli_stmt_construct)
 		efree(stmt);
 		RETURN_FALSE;
 	}
+#ifndef MYSQLI_USE_MYSQLND
+	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
 
 	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
 	mysqli_resource->ptr = (void *)stmt;
diff -up ext/mysqli/php_mysqli_structs.h.orig ext/mysqli/php_mysqli_structs.h
--- ext/mysqli/php_mysqli_structs.h.orig	2014-02-05 11:00:36.000000000 +0100
+++ ext/mysqli/php_mysqli_structs.h	2014-02-25 08:16:43.598710795 +0100
@@ -116,6 +116,10 @@ typedef struct {
 	BIND_BUFFER	param;
 	BIND_BUFFER	result;
 	char		*query;
+#ifndef MYSQLI_USE_MYSQLND
+	/* used to manage refcount with libmysql (already implement in mysqlnd) */
+	zend_object_handle link_handle;
+#endif
 } MY_STMT;
 
 typedef struct {
diff -up ext/mysqli/tests/bug66762.phpt.orig ext/mysqli/tests/bug66762.phpt
--- ext/mysqli/tests/bug66762.phpt.orig	2014-02-25 08:16:17.118619251 +0100
+++ ext/mysqli/tests/bug66762.phpt	2014-02-25 08:31:33.252385139 +0100
@@ -0,0 +1,26 @@
+--TEST--
+Bug #66762 	mysqli@libmysql segfault in mysqli_stmt::bind_result() when link closed
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+	require_once("connect.inc");
+
+	$mysqli = new mysqli($host, $user, $passwd, $db);
+
+	$read_stmt = $mysqli->prepare("SELECT 1");
+
+	var_dump($read_stmt->bind_result($data));
+
+	unset($mysqli);
+	var_dump($read_stmt->bind_result($data));
+	
+?>
+done!
+--EXPECT--
+bool(true)
+bool(true)
+done!
\ Pas de fin de ligne à la fin du fichier
 
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Fri May 22 17:02:19 2015 UTC