From: Nikita Popov <nikic@php.net>
Date: Thu, 16 Apr 2015 19:00:41 +0000 (+0200)
Subject: Fix leak of Pdo object if query() fails
X-Git-Tag: PRE_PHP7_NSAPI_REMOVAL~249
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6202e2860d84b7415a9da613e77ac800d64a1a51;p=php

Fix leak of Pdo object if query() fails

Decref the DBH object when storing the errored query statement --
the DBH owns the stmt, so it will live long enough.
---

diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
index a847ae5103..9029e4a8ea 100644
--- a/ext/pdo/pdo_dbh.c
+++ b/ext/pdo/pdo_dbh.c
@@ -1114,6 +1114,8 @@ static PHP_METHOD(PDO, query)
 		/* something broke */
 		dbh->query_stmt = stmt;
 		ZVAL_COPY_VALUE(&dbh->query_stmt_zval, return_value);
+		Z_DELREF(stmt->database_object_handle);
+		ZVAL_UNDEF(&stmt->database_object_handle);
 		PDO_HANDLE_STMT_ERR();
 	} else {
 		PDO_HANDLE_DBH_ERR();
diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c
index 15e489a0bd..3c09609fc6 100644
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@@ -803,7 +803,7 @@ static int do_fetch_func_prepare(pdo_stmt_t *stmt) /* {{{ */
 }
 /* }}} */
 
-static int do_fetch_opt_finish(pdo_stmt_t *stmt, int free_ctor_agrs) /* {{{ */
+static void do_fetch_opt_finish(pdo_stmt_t *stmt, int free_ctor_agrs) /* {{{ */
 {
 	/* fci.size is used to check if it is valid */
 	if (stmt->fetch.cls.fci.size && stmt->fetch.cls.fci.params) {
@@ -826,7 +826,6 @@ static int do_fetch_opt_finish(pdo_stmt_t *stmt, int free_ctor_agrs) /* {{{ */
 		efree(stmt->fetch.func.values);
 		stmt->fetch.func.values = NULL;
 	}
-	return 1;
 }
 /* }}} */