Fixed bug #34623 (Crash in pdo_mysql on longtext fields).

diff --git a/ext/pdo_mysql/mysql_statement.c b/ext/pdo_mysql/mysql_statement.c
index 1c819a623aa770aa5a4704b6722d31b89dcd3e1d..9a48b128a04353e23611b1fc689bb1b8978f20b4 100755 (executable)
--- a/ext/pdo_mysql/mysql_statement.c
+++ b/ext/pdo_mysql/mysql_statement.c
@@ -71,6 +71,8 @@ static int pdo_mysql_stmt_dtor(pdo_stmt_t *stmt TSRMLS_DC)
        return 1;
 }
 
+#define PDO_MYSQL_MAX_BUFFER 1024*1024 /* 1 megabyte */
+
 static int pdo_mysql_stmt_execute(pdo_stmt_t *stmt TSRMLS_DC)
 {
        pdo_mysql_stmt *S = (pdo_mysql_stmt*)stmt->driver_data;
@@ -141,6 +143,10 @@ static int pdo_mysql_stmt_execute(pdo_stmt_t *stmt TSRMLS_DC)
                                                        S->bound_result[i].buffer_length =
                                                                S->fields[i].max_length? S->fields[i].max_length:
                                                                S->fields[i].length;
+                                                       /* work-around for longtext and alike */
+                                                       if (S->bound_result[i].buffer_length > PDO_MYSQL_MAX_BUFFER) {
+                                                               S->bound_result[i].buffer_length = PDO_MYSQL_MAX_BUFFER;
+                                                       }
                                        }
                                        S->bound_result[i].buffer = emalloc(S->bound_result[i].buffer_length);
                                        S->bound_result[i].is_null = &S->out_null[i];