From 64a7e465066dd526ea78d3ccae96856d76e79de2 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sun, 1 Jan 2006 20:07:41 +0000 Subject: [PATCH] Fixed bug #35797 (segfault on PDOStatement::execute() with zend.ze1_compatibility_mode = On). --- NEWS | 2 ++ ext/pdo/pdo_stmt.c | 31 ++++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 93ca26b0bc..41e74c1cc0 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ PHP NEWS the callback). (Tony) - Fixed bug #35817 (unpack() does not decode odd number of hexadecimal values). (Ilia) +- Fixed bug #35797 (segfault on PDOStatement::execute() with + zend.ze1_compatibility_mode = On). (Tony, Ilia) - Fixed bug #35781 (stream_filter_append() can cause segfault). (Tony) - Fixed bug #35759 (mysqli_stmt_bind_result() makes huge allocation when column empty). (Andrey) diff --git a/ext/pdo/pdo_stmt.c b/ext/pdo/pdo_stmt.c index e410964dca..f2d9b4d139 100755 --- a/ext/pdo/pdo_stmt.c +++ b/ext/pdo/pdo_stmt.c @@ -2060,6 +2060,34 @@ static int dbstmt_compare(zval *object1, zval *object2 TSRMLS_DC) return -1; } +static zend_object_value dbstmt_clone_obj(zval *zobject TSRMLS_DC) +{ + zend_object_value retval; + zval *tmp; + pdo_stmt_t *stmt; + pdo_stmt_t *old_stmt; + zend_object_handle handle = Z_OBJ_HANDLE_P(zobject); + + stmt = ecalloc(1, sizeof(*stmt)); + stmt->ce = Z_OBJCE_P(zobject); + stmt->refcount = 1; + ALLOC_HASHTABLE(stmt->properties); + zend_hash_init(stmt->properties, 0, NULL, ZVAL_PTR_DTOR, 0); + zend_hash_copy(stmt->properties, &stmt->ce->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); + + old_stmt = (pdo_stmt_t *)zend_object_store_get_object(zobject TSRMLS_CC); + + retval.handle = zend_objects_store_put(stmt, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t)pdo_dbstmt_free_storage, (zend_objects_store_clone_t)dbstmt_clone_obj TSRMLS_CC); + retval.handlers = Z_OBJ_HT_P(zobject); + + zend_objects_clone_members((zend_object *)stmt, retval, (zend_object *)old_stmt, handle TSRMLS_CC); + + zend_objects_store_add_ref(&old_stmt->database_object_handle TSRMLS_CC); + stmt->database_object_handle = old_stmt->database_object_handle; + + return retval; +} + zend_object_handlers pdo_dbstmt_object_handlers; void pdo_stmt_init(TSRMLS_D) @@ -2078,6 +2106,7 @@ void pdo_stmt_init(TSRMLS_D) pdo_dbstmt_object_handlers.unset_property = dbstmt_prop_delete; pdo_dbstmt_object_handlers.get_method = dbstmt_method_get; pdo_dbstmt_object_handlers.compare_objects = dbstmt_compare; + pdo_dbstmt_object_handlers.clone_obj = dbstmt_clone_obj; INIT_CLASS_ENTRY(ce, "PDORow", pdo_row_functions); pdo_row_ce = zend_register_internal_class(&ce TSRMLS_CC); @@ -2172,7 +2201,7 @@ zend_object_value pdo_dbstmt_new(zend_class_entry *ce TSRMLS_DC) zend_hash_init(stmt->properties, 0, NULL, ZVAL_PTR_DTOR, 0); zend_hash_copy(stmt->properties, &ce->default_properties, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); - retval.handle = zend_objects_store_put(stmt, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t)pdo_dbstmt_free_storage, NULL TSRMLS_CC); + retval.handle = zend_objects_store_put(stmt, (zend_objects_store_dtor_t)zend_objects_destroy_object, (zend_objects_free_object_storage_t)pdo_dbstmt_free_storage, (zend_objects_store_clone_t)dbstmt_clone_obj TSRMLS_CC); retval.handlers = &pdo_dbstmt_object_handlers; return retval; -- 2.40.0