diff options
| author | Yussuf Khalil <dev@pp3345.net> | 2017-04-05 20:57:03 +0200 |
|---|---|---|
| committer | Yussuf Khalil <dev@pp3345.net> | 2017-04-05 20:57:03 +0200 |
| commit | 27120d4412a7122f27ac1fcd4d91090ce7979647 (patch) | |
| tree | fbfd1bd3a744e9edee659840fb21294bd507a0a3 /ext | |
| parent | 4ca3468e78c78ed7f3ecb9624c0ecd3fd442790f (diff) | |
| download | php-git-27120d4412a7122f27ac1fcd4d91090ce7979647.tar.gz | |
Fix invalid free of persistent results on error/connection loss in mysqlnd (bug 74376)
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/mysqlnd/mysqlnd_ps.c | 4 | ||||
| -rw-r--r-- | ext/pdo_mysql/tests/bug_74376.phpt | 27 |
2 files changed, 29 insertions, 2 deletions
diff --git a/ext/mysqlnd/mysqlnd_ps.c b/ext/mysqlnd/mysqlnd_ps.c index 2631e4a797..52a06d7615 100644 --- a/ext/mysqlnd/mysqlnd_ps.c +++ b/ext/mysqlnd/mysqlnd_ps.c @@ -129,7 +129,7 @@ MYSQLND_METHOD(mysqlnd_stmt, store_result)(MYSQLND_STMT * const s) } else { COPY_CLIENT_ERROR(*conn->error_info, result->stored_data->error_info); stmt->result->m.free_result_contents(stmt->result); - mnd_efree(stmt->result); + mnd_pefree(stmt->result, stmt->result->persistent); stmt->result = NULL; stmt->state = MYSQLND_STMT_PREPARED; } @@ -356,7 +356,7 @@ mysqlnd_stmt_prepare_read_eof(MYSQLND_STMT * s) if (FAIL == (ret = PACKET_READ(fields_eof, stmt->conn))) { if (stmt->result) { stmt->result->m.free_result_contents(stmt->result); - mnd_efree(stmt->result); + mnd_pefree(stmt->result, stmt->result->persistent); memset(stmt, 0, sizeof(MYSQLND_STMT_DATA)); stmt->state = MYSQLND_STMT_INITTED; } diff --git a/ext/pdo_mysql/tests/bug_74376.phpt b/ext/pdo_mysql/tests/bug_74376.phpt new file mode 100644 index 0000000000..29b16748ff --- /dev/null +++ b/ext/pdo_mysql/tests/bug_74376.phpt @@ -0,0 +1,27 @@ +--TEST-- +Bug #74376 (Invalid free of persistent results on error/connection loss) +--SKIPIF-- +<?php +if (!extension_loaded('pdo') || !extension_loaded('pdo_mysql')) die('skip not loaded'); +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc'); +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'); +MySQLPDOTest::skip(); +?> +--FILE-- +<?php +require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'); + +$attr = getenv('PDOTEST_ATTR'); +$attr = $attr ? unserialize($attr) : []; +$attr[PDO::ATTR_PERSISTENT] = true; +$attr[PDO::ATTR_EMULATE_PREPARES] = false; + +putenv('PDOTEST_ATTR=' . serialize($attr)); + +$db = MySQLPDOTest::factory(); +$stmt = $db->query("select (select 1 union select 2)"); + +print "ok"; +?> +--EXPECTF-- +ok |