summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/mysqli/mysqli.c9
-rw-r--r--ext/mysqli/mysqli_api.c8
-rw-r--r--ext/mysqli/php_mysqli_structs.h4
-rw-r--r--ext/mysqli/tests/bug66762.phpt26
4 files changed, 46 insertions, 1 deletions
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 929f776a43..86de2ed919 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -176,8 +176,11 @@ void php_clear_stmt_bind(MY_STMT *stmt TSRMLS_DC)
php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
/* Clean output bind */
php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
-#endif
+ if (stmt->link_handle) {
+ zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC);
+ }
+#endif
if (stmt->query) {
efree(stmt->query);
}
@@ -1069,6 +1072,10 @@ PHP_FUNCTION(mysqli_stmt_construct)
efree(stmt);
RETURN_FALSE;
}
+#ifndef MYSQLI_USE_MYSQLND
+ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)stmt;
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 9028401595..719dffff3d 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1869,6 +1869,10 @@ PHP_FUNCTION(mysqli_prepare)
efree(stmt);
RETURN_FALSE;
}
+#ifndef MYSQLI_USE_MYSQLND
+ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)stmt;
@@ -2413,6 +2417,10 @@ PHP_FUNCTION(mysqli_stmt_init)
efree(stmt);
RETURN_FALSE;
}
+#ifndef MYSQLI_USE_MYSQLND
+ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
+ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
+#endif
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
mysqli_resource->status = MYSQLI_STATUS_INITIALIZED;
diff --git a/ext/mysqli/php_mysqli_structs.h b/ext/mysqli/php_mysqli_structs.h
index e7c02f9c9b..899c0c97c8 100644
--- a/ext/mysqli/php_mysqli_structs.h
+++ b/ext/mysqli/php_mysqli_structs.h
@@ -116,6 +116,10 @@ typedef struct {
BIND_BUFFER param;
BIND_BUFFER result;
char *query;
+#ifndef MYSQLI_USE_MYSQLND
+ /* used to manage refcount with libmysql (already implement in mysqlnd) */
+ zend_object_handle link_handle;
+#endif
} MY_STMT;
typedef struct {
diff --git a/ext/mysqli/tests/bug66762.phpt b/ext/mysqli/tests/bug66762.phpt
new file mode 100644
index 0000000000..2b8a92c7fd
--- /dev/null
+++ b/ext/mysqli/tests/bug66762.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Bug #66762 mysqli@libmysql segfault in mysqli_stmt::bind_result() when link closed
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+ require_once("connect.inc");
+
+ $mysqli = new mysqli($host, $user, $passwd, $db);
+
+ $read_stmt = $mysqli->prepare("SELECT 1");
+
+ var_dump($read_stmt->bind_result($data));
+
+ unset($mysqli);
+ var_dump($read_stmt->bind_result($data));
+
+?>
+done!
+--EXPECT--
+bool(true)
+bool(true)
+done! \ No newline at end of file
View Lorry Controller Status