Fixed Bug #66043 (Segfault calling bind_param() on mysqli)

Although the doc said it is (unsigned int *), but it is ulong* in the
libmysql 5.0 's source codes

3 files changed, 29 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 7e426956e5..091ae9aa81 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2013, PHP 5.4.23
+
+- MySQLi:
+  . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)
+
 - PDO
   . Fixed bug 65946 (sql_parser permanently converts values bound to strings)
 
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 2cda0aa903..6078a5e758 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -384,7 +384,7 @@ mysqli_stmt_bind_result_do_bind(MY_STMT *stmt, zval ***args, unsigned int argc,
 				/* Changed to my_bool in MySQL 5.1. See MySQL Bug #16144 */
 				my_bool tmp;
 #else
-				uint tmp = 0;
+				ulong tmp = 0;
 #endif
 				stmt->result.buf[ofs].type = IS_STRING;
 				/*
diff --git a/ext/mysqli/tests/bug66043.phpt b/ext/mysqli/tests/bug66043.phpt
new file mode 100644
index 0000000000..d0e8b1c3d3
--- /dev/null
+++ b/ext/mysqli/tests/bug66043.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #66043 (Segfault calling bind_param() on mysqli)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once("connect.inc");
+if ($IS_MYSQLND) {
+    die("skip libmysql only test");
+}
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+require 'connect.inc';
+$db = new mysqli($host, $user, $passwd, 'mysql');
+
+$stmt = $db->stmt_init();
+$stmt->prepare("SELECT User FROM user WHERE password=\"\"");
+$stmt->execute();
+$stmt->bind_result($testArg);
+echo "Okey";
+?>
+--EXPECTF--
+Okey