From: Xinchen Hui Date: Thu, 19 Jun 2014 06:24:49 +0000 (+0800) Subject: Fixed various bugs X-Git-Tag: POST_PHPNG_MERGE~177 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=049e52f19b5854d6b9bce8ada3c3cb1a1bd01d56;p=php Fixed various bugs --- diff --git a/ext/mysqlnd/mysqlnd_ps.c b/ext/mysqlnd/mysqlnd_ps.c index a074bf403d..a72da6e5e9 100644 --- a/ext/mysqlnd/mysqlnd_ps.c +++ b/ext/mysqlnd/mysqlnd_ps.c @@ -644,13 +644,13 @@ MYSQLND_METHOD(mysqlnd_stmt, execute)(MYSQLND_STMT * const s TSRMLS_DC) fetch(); <-- no binding, but that's not a problem bind_result(); execute(); <-- here we will leak because we separate without need - */ unsigned int i; for (i = 0; i < stmt->field_count; i++) { if (stmt->result_bind[i].bound == TRUE) { zval_copy_ctor(&stmt->result_bind[i].zv); } } + */ } #endif @@ -788,7 +788,7 @@ mysqlnd_stmt_fetch_row_buffered(MYSQLND_RES * result, void * param, unsigned int for (i = 0; i < result->field_count; i++) { /* Clean what we copied last time */ #ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF - zval_dtor(&stmt->result_bind[i].zv); + zval_dtor(Z_REFVAL(stmt->result_bind[i].zv)); #endif /* copy the type */ if (stmt->result_bind[i].bound == TRUE) { @@ -802,12 +802,12 @@ mysqlnd_stmt_fetch_row_buffered(MYSQLND_RES * result, void * param, unsigned int counting the user can't delete the strings the variables point to. */ - ZVAL_COPY_VALUE(&stmt->result_bind[i].zv, ¤t_row[i]); + ZVAL_COPY_VALUE(Z_REFVAL(stmt->result_bind[i].zv), ¤t_row[i]); #ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF - zval_copy_ctor(&stmt->result_bind[i].zv); + zval_copy_ctor(Z_REFVAL(stmt->result_bind[i].zv)); #endif } else { - ZVAL_NULL(&stmt->result_bind[i].zv); + ZVAL_NULL(Z_REFVAL(stmt->result_bind[i].zv)); } } } @@ -895,14 +895,14 @@ mysqlnd_stmt_fetch_row_unbuffered(MYSQLND_RES * result, void * param, unsigned i in result->unbuf->m.free_last_data() */ #ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF - zval_dtor(&stmt->result_bind[i].zv); + zval_dtor(Z_REFVAL(stmt->result_bind[i].zv)); #endif if (!Z_ISNULL_P(data)) { if ((Z_TYPE_P(data) == IS_STRING) && (meta->fields[i].max_length < (unsigned long) Z_STRLEN_P(data))) { meta->fields[i].max_length = Z_STRLEN_P(data); } - ZVAL_COPY_VALUE(&stmt->result_bind[i].zv, data); + ZVAL_COPY_VALUE(Z_REFVAL(stmt->result_bind[i].zv), data); /* copied data, thus also the ownership. Thus null data */ ZVAL_NULL(data); } @@ -1076,7 +1076,7 @@ mysqlnd_fetch_stmt_row_cursor(MYSQLND_RES * result, void * param, unsigned int f in result->unbuf->m.free_last_data() */ #ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF - zval_dtor(&stmt->result_bind[i].zv); + zval_dtor(Z_REFVAL(stmt->result_bind[i].zv)); #endif DBG_INF_FMT("i=%u bound_var=%p type=%u refc=%u", i, &stmt->result_bind[i].zv, Z_TYPE_P(data), Z_REFCOUNTED(stmt->result_bind[i].zv)? @@ -1086,7 +1086,7 @@ mysqlnd_fetch_stmt_row_cursor(MYSQLND_RES * result, void * param, unsigned int f (meta->fields[i].max_length < (unsigned long) Z_STRLEN_P(data))) { meta->fields[i].max_length = Z_STRLEN_P(data); } - ZVAL_COPY_VALUE(&stmt->result_bind[i].zv, data); + ZVAL_COPY_VALUE(Z_REFVAL(stmt->result_bind[i].zv), data); /* copied data, thus also the ownership. Thus null data */ ZVAL_NULL(data); } diff --git a/ext/mysqlnd/mysqlnd_ps_codec.c b/ext/mysqlnd/mysqlnd_ps_codec.c index 13b44d10a9..234cec4fb7 100644 --- a/ext/mysqlnd/mysqlnd_ps_codec.c +++ b/ext/mysqlnd/mysqlnd_ps_codec.c @@ -505,6 +505,7 @@ mysqlnd_stmt_copy_it(zval ** copies, zval * original, unsigned int param_count, *copies = mnd_ecalloc(param_count, sizeof(zval)); } if (*copies) { + ZVAL_DEREF(original); ZVAL_COPY(&(*copies)[current], original); //????Z_SET_REFCOUNT_P((*copies)[current], 1); //zval_copy_ctor((*copies)[current]); @@ -587,6 +588,7 @@ mysqlnd_stmt_execute_prepare_param_types(MYSQLND_STMT_DATA * stmt, zval ** copie value is too big for a long. As said, precision could be lost. */ zval tmp_data_copy; + ZVAL_DEREF(tmp_data); ZVAL_COPY(&tmp_data_copy, tmp_data); convert_to_double_ex(&tmp_data_copy);