Fix bug 72788: Invalid memory access when database_object_handle
authorKeyur <kgovande@etsy.com>
Mon, 8 Aug 2016 23:34:00 +0000 (23:34 +0000)
committerKeyur <kgovande@etsy.com>
Tue, 9 Aug 2016 00:16:46 +0000 (00:16 +0000)
is undefined. Also fix memory leak in dbh_free when using persistent
PDO connections.

ext/pdo/pdo_dbh.c
ext/pdo/tests/bug_72788.phpt [new file with mode: 0644]
ext/pdo/tests/pdo_017.phpt
ext/pdo_mysql/mysql_statement.c
ext/pdo_mysql/tests/pdo_mysql___construct.phpt
ext/pdo_pgsql/pgsql_statement.c

index 2fb5334a9d3f2b9ee8a556dfe76dd9b508b5bae9..8a7c1d39318318b9b93cf7ab8da9f24478d3ab35 100644 (file)
@@ -1503,15 +1503,15 @@ static void dbh_free(pdo_dbh_t *dbh, zend_bool free_persistent)
 {
        int i;
 
-       if (dbh->is_persistent && !free_persistent) {
-               return;
-       }
-
        if (dbh->query_stmt) {
                zval_ptr_dtor(&dbh->query_stmt_zval);
                dbh->query_stmt = NULL;
        }
 
+       if (dbh->is_persistent && !free_persistent) {
+               return;
+       }
+
        if (dbh->methods) {
                dbh->methods->closer(dbh);
        }
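Review bot: The new ordering in dbh_free is load-bearing but undocumented: `query_stmt` is now released before the `dbh->is_persistent && !free_persistent` early return, and nothing in the code says why. A later cleanup that moves the guard back to the top would reintroduce the leak named in the commit message and, presumably, leave a kept persistent handle referring to a statement from a finished request. I would add a comment above the `if (dbh->query_stmt)` block, for example `/* drop the cached query statement even when the persistent dbh is kept; it must not outlive this request */`. The body of dbh_free continues past the end of the hunk, so the rest of the teardown is not visible here.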
diff --git a/ext/pdo/tests/bug_72788.phpt b/ext/pdo/tests/bug_72788.phpt
new file mode 100644 (file)
index 0000000..80609a2
--- /dev/null
@@ -0,0 +1,33 @@
+--TEST--
+PDO Common: Bug #72788 (Invalid memory access when using persistent PDO connection)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+if (getenv('REDIR_TEST_DIR') === false) putenv('REDIR_TEST_DIR='.dirname(__FILE__) . '/../../pdo/tests/');
+require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+
+putenv("PDOTEST_ATTR=" . serialize(array(PDO::ATTR_PERSISTENT => true)));
+
+function test() {
+    $db = PDOTest::factory('PDO', false);
+    $stmt = @$db->query("SELECT 1 FROM TABLE_DOES_NOT_EXIST");
+    if ($stmt === false) {
+        echo "Statement failed as expected\n";
+    }
+}
+
+test();
+test();
+echo "Done";
+?>
+--EXPECT--
+Statement failed as expected
+Statement failed as expected
+Done
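Review bot: The `--EXPECT--` section only compares printed output, so an unfixed build fails this test only if the invalid access happens to crash the process. A read through an undefined `database_object_handle` that lands on mapped memory would still print the same three lines. A short comment in the `--FILE--` section would make that limit explicit, for example `// Regression for an invalid read in the statement destructor; most meaningful under valgrind or ASan`. It would also help to state in a comment that the second `test()` call is the one that reuses the persistent connection, since that appears to be what triggers the destructor path.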
index 31ee88b76b4e456e00bdbc1d8c3af6417143fe19..2b8568fb46c54e122ddcc5d0efc2ffbefbb7a646 100644 (file)
@@ -16,7 +16,7 @@ try {
 }
 
 if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
-       require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+       require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../pdo_mysql/tests/mysql_pdo_test.inc');
        if (false === MySQLPDOTest::detect_transactional_mysql_engine($db)) {
                die('skip your mysql configuration does not support working transactions');
        }
@@ -29,7 +29,7 @@ require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
 $db = PDOTest::factory();
 
 if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
-       require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+       require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../pdo_mysql/tests/mysql_pdo_test.inc');
        $suf = ' ENGINE=' . MySQLPDOTest::detect_transactional_mysql_engine($db);
 } else {
        $suf = '';
index b141de79efe5ae7d3a456d1d84130cb2e1c3eedf..4a2146dd161bac466a7cca70f3bee88feb68e779 100644 (file)
@@ -88,7 +88,8 @@ static int pdo_mysql_stmt_dtor(pdo_stmt_t *stmt) /* {{{ */
        }
 #endif
 
-       if (IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
+       if (!Z_ISUNDEF(stmt->database_object_handle)
+               && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
                && (!(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED))) {
                while (mysql_more_results(S->H->server)) {
                        MYSQL_RES *res;
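Review bot: `!Z_ISUNDEF(stmt->database_object_handle)` rules out only the undefined case, while the `Z_OBJ_HANDLE` and `Z_OBJ` macros that follow are valid only for a zval that actually holds an object. A positive type check, `if (Z_TYPE(stmt->database_object_handle) == IS_OBJECT`, would keep the index into `EG(objects_store).object_buckets` from ever being derived from a non-object value. The same guard is added to pgsql_stmt_dtor in ext/pdo_pgsql/pgsql_statement.c, and because the three-part condition is now duplicated across drivers, a shared helper in the PDO core would keep the copies in step. pdo_mysql_stmt_dtor starts and ends outside this hunk, so whether other paths in it touch the handle is not visible here.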
index 219678c671a4a5720796586b335f9ca2e45cbfad..4c11453637a6df1ff6d1fc4aafb8979acc194d04 100644 (file)
@@ -300,5 +300,6 @@ MySQLPDOTest::skip();
 [006] invalid data source name, [n/a] n/a
 [007] could not find driver, [n/a] n/a
 [009] SQLSTATE[%s] [1045] Access denied for user 'dont%s'@'%s' (using password: YES), [n/a] n/a
+[015] DSN=%s, SQLSTATE[%s] [%d] %s
 [017] DSN=%s, SQLSTATE[%s] [%d] %s
 done!
index a5ee2e993e81d8569b19ffec2a282995294bf537..f7c46a67068907cd9f479114413774294e7236ac 100644 (file)
@@ -61,7 +61,8 @@
 static int pgsql_stmt_dtor(pdo_stmt_t *stmt)
 {
        pdo_pgsql_stmt *S = (pdo_pgsql_stmt*)stmt->driver_data;
-       zend_bool server_obj_usable = IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
+       zend_bool server_obj_usable = !Z_ISUNDEF(stmt->database_object_handle)
+               && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
                && !(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED);
 
        if (S->result) {