Patch mysqli-protect-link.patch for MySQLi related Bug #66762

Patch version 2014-02-25 07:44 UTC

Obsolete patches:

• mysqli-protect-link.patch, revision 2014-02-25 07:32 UTC

Developer: remi@php.net

  diff -up ext/mysqli/mysqli_api.c.orig ext/mysqli/mysqli_api.c
 --- ext/mysqli/mysqli_api.c.orig	2014-02-18 17:14:48.000000000 +0100
 +++ ext/mysqli/mysqli_api.c	2014-02-24 19:19:52.321098290 +0100
 --- ext/mysqli/mysqli_api.c.orig	2014-02-05 11:00:36.000000000 +0100
 +++ ext/mysqli/mysqli_api.c	2014-02-25 08:16:43.597710792 +0100
  @@ -1869,6 +1869,10 @@ PHP_FUNCTION(mysqli_prepare)
   		efree(stmt);
   		RETURN_FALSE;
   	}
  +#ifndef MYSQLI_USE_MYSQLND
  +	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
  +#endif
   
   	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
   	mysqli_resource->ptr = (void *)stmt;


   		RETURN_FALSE;
   	}
  +#ifndef MYSQLI_USE_MYSQLND
  +	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
  +#endif
   
   	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
   	mysqli_resource->status = MYSQLI_STATUS_INITIALIZED;
  diff -up ext/mysqli/mysqli.c.orig ext/mysqli/mysqli.c
 --- ext/mysqli/mysqli.c.orig	2014-02-18 17:14:48.000000000 +0100
 +++ ext/mysqli/mysqli.c	2014-02-24 19:18:51.112895737 +0100
 @@ -176,6 +176,10 @@ void php_clear_stmt_bind(MY_STMT *stmt T
 --- ext/mysqli/mysqli.c.orig	2014-02-05 11:00:36.000000000 +0100
 +++ ext/mysqli/mysqli.c	2014-02-25 08:21:37.336860837 +0100
 @@ -176,8 +176,11 @@ void php_clear_stmt_bind(MY_STMT *stmt T
   	php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
   	/* Clean output bind */
   	php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
 +
 -#endif
  
  +	if (stmt->link_handle) {
  +	    zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC);
  +	}
  #endif
  
 +#endif
   	if (stmt->query) {
 @@ -1069,6 +1073,10 @@ PHP_FUNCTION(mysqli_stmt_construct)
  		efree(stmt->query);
  	}
 @@ -1069,6 +1072,10 @@ PHP_FUNCTION(mysqli_stmt_construct)
   		efree(stmt);
   		RETURN_FALSE;
   	}
  +#ifndef MYSQLI_USE_MYSQLND
  +	stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle);
 +	zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
  +#endif
   
   	mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
   	mysqli_resource->ptr = (void *)stmt;
  diff -up ext/mysqli/php_mysqli_structs.h.orig ext/mysqli/php_mysqli_structs.h
 --- ext/mysqli/php_mysqli_structs.h.orig	2014-02-18 17:14:48.000000000 +0100
 +++ ext/mysqli/php_mysqli_structs.h	2014-02-24 19:15:27.567222173 +0100
 --- ext/mysqli/php_mysqli_structs.h.orig	2014-02-05 11:00:36.000000000 +0100
 +++ ext/mysqli/php_mysqli_structs.h	2014-02-25 08:16:43.598710795 +0100
  @@ -116,6 +116,10 @@ typedef struct {
   	BIND_BUFFER	param;
   	BIND_BUFFER	result;
   	char		*query;


  +#endif
   } MY_STMT;
   
   typedef struct {
 diff -up ext/mysqli/tests/bug66762.phpt.orig ext/mysqli/tests/bug66762.phpt
 --- ext/mysqli/tests/bug66762.phpt.orig	2014-02-25 08:16:17.118619251 +0100
 +++ ext/mysqli/tests/bug66762.phpt	2014-02-25 08:31:33.252385139 +0100
 @@ -0,0 +1,26 @@
 +--TEST--
 +Bug #66762 	mysqli@libmysql segfault in mysqli_stmt::bind_result() when link closed
 +--SKIPIF--
 +<?php
 +require_once('skipif.inc');
 +require_once('skipifconnectfailure.inc');
 +?>
 +--FILE--
 +<?php
 +	require_once("connect.inc");
 +
 +	$mysqli = new mysqli($host, $user, $passwd, $db);
 +
 +	$read_stmt = $mysqli->prepare("SELECT 1");
 +
 +	var_dump($read_stmt->bind_result($data));
 +
 +	unset($mysqli);
 +	var_dump($read_stmt->bind_result($data));
 +	
 +?>
 +done!
 +--EXPECT--
 +bool(true)
 +bool(true)
 +done!
 \ Pas de fin de ligne à la fin du fichier