From: Xinchen Hui Date: Fri, 7 Apr 2017 07:20:53 +0000 (+0800) Subject: Merge branch 'PHP-7.0' into PHP-7.1 X-Git-Tag: php-7.1.5RC1~71 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=39327b90e3eef1128c757e0970c4c9935c83f889;p=php Merge branch 'PHP-7.0' into PHP-7.1 * PHP-7.0: Fix invalid free of persistent results on error/connection loss in mysqlnd (bug 74376) Conflicts: ext/mysqlnd/mysqlnd_ps.c --- 39327b90e3eef1128c757e0970c4c9935c83f889 diff --cc ext/mysqlnd/mysqlnd_ps.c index 256bbe4d47,52a06d7615..41c024ab16 --- a/ext/mysqlnd/mysqlnd_ps.c +++ b/ext/mysqlnd/mysqlnd_ps.c @@@ -120,9 -127,9 +120,9 @@@ MYSQLND_METHOD(mysqlnd_stmt, store_resu stmt->state = MYSQLND_STMT_USE_OR_STORE_CALLED; } else { - COPY_CLIENT_ERROR(*conn->error_info, result->stored_data->error_info); + COPY_CLIENT_ERROR(conn->error_info, result->stored_data->error_info); stmt->result->m.free_result_contents(stmt->result); - mnd_efree(stmt->result); + mnd_pefree(stmt->result, stmt->result->persistent); stmt->result = NULL; stmt->state = MYSQLND_STMT_PREPARED; } @@@ -339,20 -348,15 +339,20 @@@ mysqlnd_stmt_prepare_read_eof(MYSQLND_S } DBG_INF_FMT("stmt=%lu", stmt->stmt_id); - fields_eof = stmt->conn->protocol->m.get_eof_packet(stmt->conn->protocol, FALSE); + fields_eof = conn->payload_decoder_factory->m.get_eof_packet(conn->payload_decoder_factory, FALSE); if (!fields_eof) { - SET_OOM_ERROR(*stmt->error_info); - SET_OOM_ERROR(*stmt->conn->error_info); + SET_OOM_ERROR(stmt->error_info); + SET_OOM_ERROR(conn->error_info); } else { - if (FAIL == (ret = PACKET_READ(fields_eof, stmt->conn))) { + if (FAIL == (ret = PACKET_READ(fields_eof))) { if (stmt->result) { stmt->result->m.free_result_contents(stmt->result); - mnd_efree(stmt->result); + mnd_pefree(stmt->result, stmt->result->persistent); + /* XXX: This will crash, because we will null also the methods. + But seems it happens in extreme cases or doesn't. Should be fixed by exporting a function + (from mysqlnd_driver.c?) 
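Review bot: In the `else` branch of `store_result`, `result` and `stmt->result` are used on adjacent lines as if they name the same object, so after `mnd_pefree(stmt->result, stmt->result->persistent)` only `stmt->result` is cleared and a local `result` would be left dangling. The rest of the function lies outside the hunk, so it is not visible whether `result` is returned or dereferenced on this path; if it is, the caller gets freed memory. Adding `result = NULL;` next to `stmt->result = NULL;` would keep the error path from handing out the stale pointer. A short comment on the free, for example `/* result may be persistent: release it with the allocator it came from (bug 74376) */`, would also record why `mnd_efree` must not return here.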
to do the reset. + This bad handling is also in mysqlnd_result.c + */ memset(stmt, 0, sizeof(MYSQLND_STMT_DATA)); stmt->state = MYSQLND_STMT_INITTED; }
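Review bot: The `memset(stmt, 0, sizeof(MYSQLND_STMT_DATA))` that follows the corrected free in `mysqlnd_stmt_prepare_read_eof` still wipes the whole statement, and the XXX comment added above it admits this will crash because the methods are zeroed too. It also drops every other pointer the statement holds without releasing it, including `stmt->error_info`, which this same function passes to `SET_OOM_ERROR`. If the statement carries its own allocator flag as the result does, a later teardown could repeat the allocator mismatch this commit fixes. Resetting only what this path invalidated, `stmt->result = NULL;` followed by the existing `stmt->state = MYSQLND_STMT_INITTED;`, would mirror the `store_result` error branch. Which other fields genuinely need clearing cannot be judged from the hunk, since the function continues outside it.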