There are situations where mysqlnd dupliates zvals while freeing result
sets. If the memory_limit is reached during this operation the engine
will bailout. This patch makes sure that a later attempt (during
RSHIUTDOWN) won't cause a double free, instead we rely on the engine to
free emalloc()ed memory after bailout.
. Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita)
. Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
+- mysqlnd
+ . Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes)
+
- PDO_pgsql:
. Fixed bug #62479 (PDO-psql cannot connect if password contains spaces) (willfitch, iliaa)
if (set->data) {
unsigned int copy_on_write_performed = 0;
unsigned int copy_on_write_saved = 0;
+ zval **data = set->data;
+ set->data = NULL; /* prevent double free if following loop is interrupted */
for (row = set->row_count - 1; row >= 0; row--) {
- zval **current_row = set->data + row * field_count;
+ zval **current_row = data + row * field_count;
MYSQLND_MEMORY_POOL_CHUNK *current_buffer = set->row_buffers[row];
int64_t col;
MYSQLND_INC_GLOBAL_STATISTIC_W_VALUE2(STAT_COPY_ON_WRITE_PERFORMED, copy_on_write_performed,
STAT_COPY_ON_WRITE_SAVED, copy_on_write_saved);
- mnd_efree(set->data);
- set->data = NULL;
+ mnd_efree(data);
}
if (set->row_buffers) {
projects / php / commitdiff