- Fix #53551 (PDOStatement execute segfaults for pdo_mysql driver)

diff --git a/ext/pdo_mysql/mysql_statement.c b/ext/pdo_mysql/mysql_statement.c
index 85d08f4b50d5c2d11f474f222c3666a6a18ba29c..375e49393086e82727c64da33291592ed87115a3 100755 (executable)
--- a/ext/pdo_mysql/mysql_statement.c
+++ b/ext/pdo_mysql/mysql_statement.c
@@ -136,8 +136,7 @@ static int pdo_mysql_stmt_execute_prepared_libmysql(pdo_stmt_t *stmt TSRMLS_DC)
        /* (re)bind the parameters */
        if (mysql_stmt_bind_param(S->stmt, S->params) || mysql_stmt_execute(S->stmt)) {
                if (S->params) {
-                       efree(S->params);
-                       S->params = 0;
+                       memset(S->params, 0, S->num_params * sizeof(MYSQL_BIND));
                }
                pdo_mysql_error_stmt(stmt);
                if (mysql_stmt_errno(S->stmt) == 2057) {

diff --git a/ext/pdo_mysql/tests/bug53551.phpt b/ext/pdo_mysql/tests/bug53551.phpt
new file mode 100644 (file)
index 0000000..865dcea
--- /dev/null
+++ b/ext/pdo_mysql/tests/bug53551.phpt
@@ -0,0 +1,73 @@
+--TEST--
+Bug #44327 (PDORow::queryString property & numeric offsets / Crash)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+$db = MySQLPDOTest::factory();
+?>
+--FILE--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 0);
+
+$createSql = "CREATE TABLE `bug53551` (
+  `count` bigint(20) unsigned NOT NULL DEFAULT '0'
+)";
+
+$db->exec('drop table if exists bug53551');
+$db->exec($createSql);
+$db->exec("insert into bug53551 set `count` = 1 ");
+$db->exec("SET sql_mode = 'Traditional'");
+$sql = 'UPDATE bug53551 SET `count` = :count';
+$stmt = $db->prepare($sql);
+
+$values = array (
+    'count' => NULL,
+);
+
+echo "1\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "2\n";
+$stmt->execute($values);
+var_dump($stmt->errorInfo());
+
+echo "\ndone\n";
+
+?>
+--CLEAN--
+<?php
+include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
+$db = MySQLPDOTest::factory();
+$db->exec('DROP TABLE IF EXISTS bug53551');
+?>
+--EXPECTF--
+1
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+2
+
+Warning: PDOStatement::execute(): SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'count' cannot be null in %s on line %d
+array(3) {
+  [0]=>
+  string(5) "23000"
+  [1]=>
+  int(1048)
+  [2]=>
+  string(29) "Column 'count' cannot be null"
+}
+
+done