Fix for bug#61411

Bug #61411 PDO Segfaults with PERSISTENT == TRUE && EMULATE_PREPARES == FALSE
Wrong allocation, that doesn't follow the scheme of using stmt->persistent
was the root cause of the problem and the crash at free.

diff --git a/ext/mysqlnd/mysqlnd_ps.c b/ext/mysqlnd/mysqlnd_ps.c
index b1ce6dfa6644f7e0afee7a91841eba2545a1af11..2044390715f5071a91d23eb08f39930e77f861f7 100644 (file)
--- a/ext/mysqlnd/mysqlnd_ps.c
+++ b/ext/mysqlnd/mysqlnd_ps.c
@@ -1630,9 +1630,9 @@ MYSQLND_METHOD(mysqlnd_stmt, bind_one_result)(MYSQLND_STMT * const s, unsigned i
                mysqlnd_stmt_separate_one_result_bind(s, param_no TSRMLS_CC);
                /* Guaranteed is that stmt->result_bind is NULL */
                if (!stmt->result_bind) {
-                       stmt->result_bind = mnd_ecalloc(stmt->field_count, sizeof(MYSQLND_RESULT_BIND));
+                       stmt->result_bind = mnd_pecalloc(stmt->field_count, sizeof(MYSQLND_RESULT_BIND), stmt->persistent);
                } else {
-                       stmt->result_bind = mnd_erealloc(stmt->result_bind, stmt->field_count * sizeof(MYSQLND_RESULT_BIND));
+                       stmt->result_bind = mnd_perealloc(stmt->result_bind, stmt->field_count * sizeof(MYSQLND_RESULT_BIND), stmt->persistent);
                }
                if (!stmt->result_bind) {
                        DBG_RETURN(FAIL);

diff --git a/ext/pdo_mysql/tests/bug_61411.phpt b/ext/pdo_mysql/tests/bug_61411.phpt
new file mode 100644 (file)
index 0000000..794d307
--- /dev/null
+++ b/ext/pdo_mysql/tests/bug_61411.phpt
@@ -0,0 +1,53 @@
+--TEST--
+Bug #61411 (PDO Segfaults with PERSISTENT == TRUE && EMULATE_PREPARES == FALSE)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo') || !extension_loaded('pdo_mysql')) die('skip not loaded');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+$db = MySQLPDOTest::factory();
+
+$row = $db->query('SELECT VERSION() as _version')->fetch(PDO::FETCH_ASSOC);
+$matches = array();
+if (!preg_match('/^(\d+)\.(\d+)\.(\d+)/ismU', $row['_version'], $matches))
+       die(sprintf("skip Cannot determine MySQL Server version\n"));
+
+$version = $matches[0] * 10000 + $matches[1] * 100 + $matches[2];
+if ($version < 40106)
+       die(sprintf("skip Need MySQL Server 4.1.6+, found %d.%02d.%02d (%d)\n",
+               $matches[0], $matches[1], $matches[2], $version));
+?>
+--FILE--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+
+$attr  = getenv('PDOTEST_ATTR');
+if (!$attr) {
+       $attr = array();
+} else {
+       $attr = unserialize($attr);
+}
+$attr[PDO::ATTR_PERSISTENT] = true;
+$attr[PDO::ATTR_EMULATE_PREPARES] = false;
+putenv('PDOTEST_ATTR='.serialize($attr));
+
+$db = MySQLPDOTest::factory();
+
+$stmt = $db->prepare("SELECT 1");
+$stmt->execute();
+
+foreach ($stmt as $line) {
+       var_dump($line);
+}
+
+print "done!";
+?>
+--EXPECTF--
+array(2) {
+  [1]=>
+  int(1)
+  [2]=>
+  int(1)
+}
+done!