- Fixed bug #36949 (invalid internal mysqli objects dtor)

3 files changed, 56 insertions, 17 deletions

diff --git a/NEWS b/NEWS
index fc6c062fec..3d5f56ac59 100644
--- a/NEWS
+++ b/NEWS
@@ -97,6 +97,7 @@ PHP                                                                        NEWS
 - Fixed bug #37256 (php-fastcgi dosen't handle connection abort). (Dmitry)
 - Fixed bug #37244 (Added strict flag to base64_decode() that enforces 
   RFC3548 compliance). (Ilia)
+- Fixed bug #36949 (invalid internal mysqli objects dtor). (Mike)
 - Fixed bug #36630 (umask not reset at the end of the request). (Ilia)
 - Fixed bug #35512 (Lack of read permission on main script results in 
   E_WARNING rather then E_ERROR). (Ilia)
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 8f9b5119d4..cad94021e8 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -135,22 +135,7 @@ void php_clear_mysql(MY_MYSQL *mysql) {
 static void mysqli_objects_free_storage(zend_object *object TSRMLS_DC)
 {
 	mysqli_object 	*intern = (mysqli_object *)object;
-
-	zend_object_std_dtor(&intern->zo TSRMLS_CC);
-	efree(intern);
-}
-/* }}} */
-
-/* {{{ mysqli_objects_destroy_object
- */
-static void mysqli_objects_destroy_object(void *object, zend_object_handle handle TSRMLS_DC)
-{
-	mysqli_object 	*intern = (mysqli_object *)object;
-	MYSQLI_RESOURCE	*my_res;
-
-	zend_objects_destroy_object(object, handle TSRMLS_CC);
-	
-	my_res = (MYSQLI_RESOURCE *)intern->ptr;
+	MYSQLI_RESOURCE	*my_res = (MYSQLI_RESOURCE *)intern->ptr;
 
 	/* link object */
 	if (instanceof_function(intern->zo.ce, mysqli_link_class_entry TSRMLS_CC)) {
@@ -179,6 +164,9 @@ static void mysqli_objects_destroy_object(void *object, zend_object_handle handl
 	}
 	intern->ptr = NULL;
 	my_efree(my_res);
+	
+	zend_object_std_dtor(&intern->zo TSRMLS_CC);
+	efree(intern);
 }
 /* }}} */
 
@@ -360,7 +348,7 @@ PHP_MYSQLI_EXPORT(zend_object_value) mysqli_objects_new(zend_class_entry *class_
 	zend_hash_copy(intern->zo.properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref,
 					(void *) &tmp, sizeof(zval *));
 
-	retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t) mysqli_objects_destroy_object, (zend_objects_free_object_storage_t) mysqli_objects_free_storage, NULL TSRMLS_CC);
+	retval.handle = zend_objects_store_put(intern, (zend_objects_store_dtor_t) zend_objects_destroy_object, (zend_objects_free_object_storage_t) mysqli_objects_free_storage, NULL TSRMLS_CC);
 	retval.handlers = &mysqli_object_handlers;
 
 	return retval;
diff --git a/ext/mysqli/tests/bug36949.phpt b/ext/mysqli/tests/bug36949.phpt
new file mode 100644
index 0000000000..fb57df4864
--- /dev/null
+++ b/ext/mysqli/tests/bug36949.phpt
@@ -0,0 +1,50 @@
+--TEST--
+bug #36949
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+include "connect.inc";
+
+class A {
+
+	private $mysqli;
+
+	public function __construct() {
+		global $user, $host, $passwd;
+		$this->mysqli = new mysqli($host, $user, $passwd);
+		$result = $this->mysqli->query("SELECT NOW() AS my_time FROM DUAL");
+		$row = $result->fetch_object();
+		echo $row->my_time."<br>\n";
+		$result->close();
+	}
+
+	public function __destruct() {
+		$this->mysqli->close();
+	}
+}
+
+class B {
+
+	private $mysqli;
+
+	public function __construct() {
+		global $user, $host, $passwd;
+		$this->mysqli = new mysqli($host, $user, $passwd);
+		$result = $this->mysqli->query("SELECT NOW() AS my_time FROM DUAL");
+		$row = $result->fetch_object();
+		echo $row->my_time."<br>\n";
+		$result->close();
+	}
+
+	public function __destruct() {
+		$this->mysqli->close();
+	}
+}
+
+$A = new A();
+$B = new B();
+?>
+--EXPECTF--
+%d%d%d%d-%d%d-%d%d %d%d:%d%d:%d%d<br>
+%d%d%d%d-%d%d-%d%d %d%d:%d%d:%d%d<br>