FIx bug #71569

convert_to_string() may result in an interned string.

diff --git a/NEWS b/NEWS
index a13c4b2d54f50c19740cd5edf551de909bcc6308..e551a97e08981364682b5366b8e5acfb5bb69444 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,9 @@ PHP                                                                        NEWS
   . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
     setup). (Matt Haught, Remi)
 
+- PDO MySQL:
+  . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)
+
 - Standard:
   . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
 

diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c
index 003a0c33be2f6200d88eb4f35b8161aab0dfb1fd..e82fdf46db82fecd256c9d3247d4bd631c2de4fd 100644 (file)
--- a/ext/pdo_mysql/mysql_driver.c
+++ b/ext/pdo_mysql/mysql_driver.c
@@ -658,31 +658,31 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
                init_cmd = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_INIT_COMMAND, NULL TSRMLS_CC);
                if (init_cmd) {
                        if (mysql_options(H->server, MYSQL_INIT_COMMAND, (const char *)init_cmd)) {
-                               efree(init_cmd);
+                               str_efree(init_cmd);
                                pdo_mysql_error(dbh);
                                goto cleanup;
                        }
-                       efree(init_cmd);
+                       str_efree(init_cmd);
                }
 #ifndef PDO_USE_MYSQLND                
                default_file = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_FILE, NULL TSRMLS_CC);
                if (default_file) {
                        if (mysql_options(H->server, MYSQL_READ_DEFAULT_FILE, (const char *)default_file)) {
-                               efree(default_file);
+                               str_efree(default_file);
                                pdo_mysql_error(dbh);
                                goto cleanup;
                        }
-                       efree(default_file);
+                       str_efree(default_file);
                }
                
                default_group= pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_GROUP, NULL TSRMLS_CC);
                if (default_group) {
                        if (mysql_options(H->server, MYSQL_READ_DEFAULT_GROUP, (const char *)default_group)) {
-                               efree(default_group);
+                               str_efree(default_group);
                                pdo_mysql_error(dbh);
                                goto cleanup;
                        }
-                       efree(default_group);
+                       str_efree(default_group);
                }
 #endif
                compress = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_COMPRESS, 0 TSRMLS_CC);
@@ -702,19 +702,19 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
                if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher) {
                        mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
                        if (ssl_key) {
-                               efree(ssl_key);
+                               str_efree(ssl_key);
                        }
                        if (ssl_cert) {
-                               efree(ssl_cert);
+                               str_efree(ssl_cert);
                        }
                        if (ssl_ca) {
-                               efree(ssl_ca);
+                               str_efree(ssl_ca);
                        }
                        if (ssl_capath) {
-                               efree(ssl_capath);
+                               str_efree(ssl_capath);
                        }
                        if (ssl_cipher) {
-                               efree(ssl_cipher);
+                               str_efree(ssl_cipher);
                        }
                }
 
@@ -724,10 +724,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
                        if (public_key) {
                                if (mysql_options(H->server, MYSQL_SERVER_PUBLIC_KEY, public_key)) {
                                        pdo_mysql_error(dbh);
-                                       efree(public_key);
+                                       str_efree(public_key);
                                        goto cleanup;
                                }
-                               efree(public_key);
+                               str_efree(public_key);
                        }
                }
 #endif

diff --git a/ext/pdo_mysql/tests/bug71569.phpt b/ext/pdo_mysql/tests/bug71569.phpt
new file mode 100644 (file)
index 0000000..3ace1e9
--- /dev/null
+++ b/ext/pdo_mysql/tests/bug71569.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Bug #70389 (PDO constructor changes unrelated variables)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+?>
+--FILE--
+<?php
+require(dirname(__FILE__). DIRECTORY_SEPARATOR . 'config.inc');
+
+try {
+    new PDO(PDO_MYSQL_TEST_DSN, PDO_MYSQL_TEST_USER, PDO_MYSQL_TEST_PASS, [
+        PDO::MYSQL_ATTR_INIT_COMMAND => null,
+    ]);
+} catch (PDOException $e) {
+    echo $e->getMessage();
+}
+
+?>
+--EXPECT--
+SQLSTATE[42000] [1065] Query was empty