diff options
| author | Ulf Wendel <uw@php.net> | 2009-09-30 14:39:33 +0000 |
|---|---|---|
| committer | Ulf Wendel <uw@php.net> | 2009-09-30 14:39:33 +0000 |
| commit | d79cba2afdb41ae2e9634782adbf2a48d56941d6 (patch) | |
| tree | c94220600cd95412cd789f360c36b1b8f5e2c9a1 | |
| parent | 59dc338ac243e4f1d1cc7929a588bb2e85d79006 (diff) | |
| download | php-git-d79cba2afdb41ae2e9634782adbf2a48d56941d6.tar.gz | |
Fixing a leak in mysqlnd when passing invalid fetch modes to mysqlnd.
| -rw-r--r-- | ext/mysql/php_mysql.c | 7 | ||||
| -rw-r--r-- | ext/mysql/tests/mysql_fetch_array.phpt | 4 | ||||
| -rw-r--r-- | ext/mysqlnd/mysqlnd_result.c | 19 |
3 files changed, 13 insertions, 17 deletions
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c index f8780017db..7b84b2418a 100644 --- a/ext/mysql/php_mysql.c +++ b/ext/mysql/php_mysql.c @@ -2012,7 +2012,7 @@ static void php_mysql_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int result_type, } } - if ((result_type & MYSQL_BOTH) == 0) { + if (result_type & ~MYSQL_BOTH) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "The result type should be either MYSQL_NUM, MYSQL_ASSOC or MYSQL_BOTH"); result_type = MYSQL_BOTH; } @@ -2200,6 +2200,11 @@ PHP_FUNCTION(mysql_fetch_array) } ZEND_FETCH_RESOURCE(result, MYSQL_RES *, &mysql_result, -1, "MySQL result", le_result); + if (mode & ~MYSQL_BOTH) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "The result type should be either MYSQL_NUM, MYSQL_ASSOC or MYSQL_BOTH"); + mode = MYSQL_BOTH; + } + mysqlnd_fetch_into(result, mode, return_value, MYSQLND_MYSQL); #endif } diff --git a/ext/mysql/tests/mysql_fetch_array.phpt b/ext/mysql/tests/mysql_fetch_array.phpt index 924c717501..635e6d1097 100644 --- a/ext/mysql/tests/mysql_fetch_array.phpt +++ b/ext/mysql/tests/mysql_fetch_array.phpt @@ -56,7 +56,7 @@ exit(1); do { $illegal_mode = mt_rand(0, 10000); } while (in_array($illegal_mode, array(MYSQL_ASSOC, MYSQL_NUM, MYSQL_BOTH))); -$tmp = @mysql_fetch_array($res, $illegal_mode); +$tmp = mysql_fetch_array($res, $illegal_mode); if (!is_array($tmp)) printf("[013] Expecting array, got %s/%s. [%d] %s\n", gettype($tmp), $tmp, mysql_errno($link), mysql_error($link)); @@ -355,5 +355,7 @@ array(11) { %unicode|string%(1) "1" } +Warning: mysql_fetch_array(): The result type should be either MYSQL_NUM, MYSQL_ASSOC or MYSQL_BOTH in %s on line %d + Warning: mysql_fetch_array(): %d is not a valid MySQL result resource in %s on line %d done! diff --git a/ext/mysqlnd/mysqlnd_result.c b/ext/mysqlnd/mysqlnd_result.c index 56969944aa..6c3bc14079 100644 --- a/ext/mysqlnd/mysqlnd_result.c +++ b/ext/mysqlnd/mysqlnd_result.c @@ -901,13 +901,8 @@ mysqlnd_fetch_row_unbuffered(MYSQLND_RES *result, void *param, unsigned int flag lengths[i] = len; } - /* Forbid ZE to free it, we will clean it */ - Z_ADDREF_P(data); - - if ((flags & MYSQLND_FETCH_BOTH) == MYSQLND_FETCH_BOTH) { - Z_ADDREF_P(data); - } if (flags & MYSQLND_FETCH_NUM) { + Z_ADDREF_P(data); zend_hash_next_index_insert(row_ht, &data, sizeof(zval *), NULL); } if (flags & MYSQLND_FETCH_ASSOC) { @@ -918,6 +913,7 @@ mysqlnd_fetch_row_unbuffered(MYSQLND_RES *result, void *param, unsigned int flag the index is a numeric and convert it to it. This however means constant hashing of the column name, which is not needed as it can be precomputed. */ + Z_ADDREF_P(data); if (zend_hash_key->is_numeric == FALSE) { #if PHP_MAJOR_VERSION >= 6 zend_u_hash_quick_update(Z_ARRVAL_P(row), IS_UNICODE, @@ -1128,16 +1124,8 @@ mysqlnd_fetch_row_buffered(MYSQLND_RES *result, void *param, unsigned int flags, for (i = 0; i < result->field_count; i++, field++, zend_hash_key++) { zval *data = current_row[i]; - /* - Let us later know what to do with this zval. If ref_count > 1, we will just - decrease it, otherwise free it. zval_ptr_dtor() make this very easy job. - */ - Z_ADDREF_P(data); - - if ((flags & MYSQLND_FETCH_BOTH) == MYSQLND_FETCH_BOTH) { - Z_ADDREF_P(data); - } if (flags & MYSQLND_FETCH_NUM) { + Z_ADDREF_P(data); zend_hash_next_index_insert(Z_ARRVAL_P(row), &data, sizeof(zval *), NULL); } if (flags & MYSQLND_FETCH_ASSOC) { @@ -1148,6 +1136,7 @@ mysqlnd_fetch_row_buffered(MYSQLND_RES *result, void *param, unsigned int flags, the index is a numeric and convert it to it. This however means constant hashing of the column name, which is not needed as it can be precomputed. */ + Z_ADDREF_P(data); if (zend_hash_key->is_numeric == FALSE) { #if PHP_MAJOR_VERSION >= 6 zend_u_hash_quick_update(Z_ARRVAL_P(row), IS_UNICODE, |