From a5cea052e8a34ac38923d38261b2025f229133ee Mon Sep 17 00:00:00 2001
From: Antony Dovgal
Date: Mon, 10 Oct 2005 20:03:00 +0000
Subject: [PATCH] fix #34818 (new mysqli_stmt() and several others crash if the first parameter is not a valid mysqli_link)
---
 NEWS | 2 ++
 ext/mysqli/mysqli.c | 26 +++++++++++++-------------
 ext/mysqli/mysqli_warning.c | 10 +++++-----
 3 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/NEWS b/NEWS
index a4bebec4ec..a6ba4375e8 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,8 @@ PHP NEWS
 - Fixed "make test" to work for phpized extensions. (Hartmut, Jani)
 - Fixed failing queries (FALSE returned) with mysqli_query() on 64 bit systems.
 (Andrey)
+- Fixed bug #34818 (several functions crash when invalid mysqli_link object
+ is passed). (Tony)
 - Fixed bug #34810 (mysqli::init() and others use wrong $this pointer without
 checks). (Tony)
 - Fixed bug #34809 (FETCH_INTO in PDO crashes without a destination object).
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 436cc3ccef..e78558a727 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -652,33 +652,34 @@ Parameters:
 ZEND_FUNCTION(mysqli_stmt_construct)
 {
 MY_MYSQL *mysql;
- zval **mysql_link, **statement;
+ zval *mysql_link;
 MY_STMT *stmt;
 MYSQLI_RESOURCE *mysqli_resource;
+ char *statement;
+ int stmt_len;
 switch (ZEND_NUM_ARGS()) {
 case 1: /* mysql_stmt_init */
- if (zend_get_parameters_ex(1, &mysql_link)==FAILURE) {
+ if (zend_parse_parameters(1, "O", &mysql_link, mysqli_link_class_entry)==FAILURE) {
 return;
 }
- MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, mysql_link, "mysqli_link");
+ MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link");
 stmt = (MY_STMT *)ecalloc(1,sizeof(MY_STMT));
 stmt->stmt = mysql_stmt_init(mysql->mysql);
 break;
 case 2:
- if (zend_get_parameters_ex(2, &mysql_link, &statement)==FAILURE) {
+ if (zend_parse_parameters(2, "Os", &mysql_link, mysqli_link_class_entry, &statement, &stmt_len)==FAILURE) {
 return;
 }
- MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, mysql_link, "mysqli_link");
- convert_to_string_ex(statement);
+ MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link");
 stmt = (MY_STMT *)ecalloc(1,sizeof(MY_STMT));
 if ((stmt->stmt = mysql_stmt_init(mysql->mysql))) {
- mysql_stmt_prepare(stmt->stmt, Z_STRVAL_PP(statement), strlen(Z_STRVAL_PP(statement)));
+ mysql_stmt_prepare(stmt->stmt, statement, stmt_len);
 }
 break;
 default:
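Review bot: Both new `zend_parse_parameters()` calls in mysqli_stmt_construct pass the argument count without `TSRMLS_CC`, although this code base threads the TSRM context explicitly elsewhere (`zend_object_store_get_object(z TSRMLS_CC)` in mysqli_warning.c). In a thread-safe build the type-spec string would then sit in the TSRM slot, so the class check this fix relies on would not run as written; the calls should read `zend_parse_parameters(1 TSRMLS_CC, "O", &mysql_link, mysqli_link_class_entry)` and likewise for the `"Os"` form. The same omission is in both calls in mysqli_result_construct and in `zend_parse_parameters(1, "o", &z)` in the mysqli_warning constructor. The switch continues past the end of this hunk.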
@@ -708,27 +709,26 @@ ZEND_FUNCTION(mysqli_result_construct)
 {
 MY_MYSQL *mysql;
 MYSQL_RES *result;
- zval **mysql_link, **mode;
+ zval *mysql_link;
 MYSQLI_RESOURCE *mysqli_resource;
- int resmode = MYSQLI_STORE_RESULT;
+ long resmode = MYSQLI_STORE_RESULT;
 switch (ZEND_NUM_ARGS()) {
 case 1:
- if (zend_get_parameters_ex(1, &mysql_link)==FAILURE) {
+ if (zend_parse_parameters(1, "O", &mysql_link, mysqli_link_class_entry)==FAILURE) {
 return;
 }
 break;
 case 2:
- if (zend_get_parameters_ex(2, &mysql_link, &mode)==FAILURE) {
+ if (zend_parse_parameters(2, "Ol", &mysql_link, mysqli_link_class_entry, &resmode)==FAILURE) {
 return;
 }
- resmode = Z_LVAL_PP(mode);
 break;
 default:
 WRONG_PARAM_COUNT;
 }
- MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, mysql_link, "mysqli_link");
+ MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &mysql_link, "mysqli_link");
 result = (resmode == MYSQLI_STORE_RESULT) ? mysql_store_result(mysql->mysql) : mysql_use_result(mysql->mysql);
diff --git a/ext/mysqli/mysqli_warning.c b/ext/mysqli/mysqli_warning.c
index 3ea578f6c7..10e49697cb 100644
--- a/ext/mysqli/mysqli_warning.c
+++ b/ext/mysqli/mysqli_warning.c
@@ -166,7 +166,7 @@ int mysqli_warning_errno(mysqli_object *obj, zval **retval TSRMLS_DC)
 /* {{{ mysqli_warning_construct(object obj) */
 PHP_METHOD(mysqli_warning, __construct)
 {
- zval **z;
+ zval *z;
 mysqli_object *obj;
 MYSQL *hdl;
 MYSQLI_WARNING *w;
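Review bot: In mysqli_result_construct (ext/mysqli/mysqli.c) the caller-supplied `resmode` is now type-checked by the `"Ol"` spec but never range-checked, so any integer other than `MYSQLI_STORE_RESULT` silently selects `mysql_use_result()`. A guard before the fetch, such as `if (resmode != MYSQLI_STORE_RESULT && resmode != MYSQLI_USE_RESULT) { RETURN_FALSE; }`, would make an invalid mode an explicit failure instead of an unbuffered result set. Whether a NULL return from either MySQL call is handled cannot be seen here, because the function continues past the end of the hunk.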
@@ -175,18 +175,18 @@ PHP_METHOD(mysqli_warning, __construct)
 if (ZEND_NUM_ARGS() != 1) {
 WRONG_PARAM_COUNT;
 }
- if (zend_get_parameters_ex(1, &z)==FAILURE) {
+ if (zend_parse_parameters(1, "o", &z)==FAILURE) {
 return;
 }
- obj = (mysqli_object *)zend_object_store_get_object(*(z) TSRMLS_CC);\
+ obj = (mysqli_object *)zend_object_store_get_object(z TSRMLS_CC);\
 if (obj->zo.ce == mysqli_link_class_entry) {
 MY_MYSQL *mysql;
- MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, z, "mysqli_link");
+ MYSQLI_FETCH_RESOURCE(mysql, MY_MYSQL *, &z, "mysqli_link");
 hdl = mysql->mysql;
 } else if (obj->zo.ce == mysqli_stmt_class_entry) {
 MY_STMT *stmt;
- MYSQLI_FETCH_RESOURCE(stmt, MY_STMT *, z, "mysqli_stmt");
+ MYSQLI_FETCH_RESOURCE(stmt, MY_STMT *, &z, "mysqli_stmt");
 hdl = stmt->stmt->mysql;
 } else {
 RETURN_FALSE;
--
2.40.0
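Review bot: The `"o"` spec admits an object of any class, and its object-store pointer is cast to `mysqli_object *` before `obj->zo.ce` is inspected, which is only sound if that object's storage begins with a `zend_object`. Taking the class from the zval instead, `zend_class_entry *ce = Z_OBJCE_P(z);`, and testing `instanceof_function(ce, mysqli_link_class_entry TSRMLS_CC)` would avoid the cast for foreign objects and would also accept subclasses, which the exact `==` comparison rejects. The stray `\` after the `obj = ...;` assignment is carried onto the new line and should be dropped. The method body starts and ends outside this hunk.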