From b7385f02fd13457901d4258d9fed2343779df436 Mon Sep 17 00:00:00 2001 From: Andrey Hristov Date: Thu, 27 May 2010 08:51:46 +0000 Subject: [PATCH] Fix deallocation which can crash if the object is half-baken. Happens during OOM. --- ext/mysqlnd/mysqlnd_ps.c | 16 ++++++++++------ ext/mysqlnd/mysqlnd_structs.h | 1 + 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ext/mysqlnd/mysqlnd_ps.c b/ext/mysqlnd/mysqlnd_ps.c index d1ceba60ae..b4d610731b 100644 --- a/ext/mysqlnd/mysqlnd_ps.c +++ b/ext/mysqlnd/mysqlnd_ps.c @@ -2091,16 +2091,19 @@ MYSQLND_METHOD(mysqlnd_stmt, dtor)(MYSQLND_STMT * const s, zend_bool implicit TS { MYSQLND_STMT_DATA * stmt = s->data; enum_func_status ret; - zend_bool persistent = stmt->persistent; + zend_bool persistent = s->persistent; DBG_ENTER("mysqlnd_stmt::dtor"); - DBG_INF_FMT("stmt=%p", stmt); + if (stmt) { - MYSQLND_INC_GLOBAL_STATISTIC(implicit == TRUE? STAT_STMT_CLOSE_IMPLICIT: - STAT_STMT_CLOSE_EXPLICIT); + DBG_INF_FMT("stmt=%p", stmt); + + MYSQLND_INC_GLOBAL_STATISTIC(implicit == TRUE? STAT_STMT_CLOSE_IMPLICIT: + STAT_STMT_CLOSE_EXPLICIT); - ret = s->m->net_close(s, implicit TSRMLS_CC); - mnd_pefree(stmt, persistent); + ret = s->m->net_close(s, implicit TSRMLS_CC); + mnd_pefree(stmt, persistent); + } mnd_pefree(s, persistent); DBG_INF(ret == PASS? "PASS":"FAIL"); @@ -2214,6 +2217,7 @@ MYSQLND_STMT * _mysqlnd_stmt_init(MYSQLND * const conn TSRMLS_DC) break; } ret->m = mysqlnd_stmt_methods; + ret->persistent = conn->persistent; stmt = ret->data = mnd_pecalloc(1, sizeof(MYSQLND_STMT_DATA), conn->persistent); DBG_INF_FMT("stmt=%p", stmt); diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h index de08a7f1b1..21d90d6dc7 100644 --- a/ext/mysqlnd/mysqlnd_structs.h +++ b/ext/mysqlnd/mysqlnd_structs.h @@ -908,6 +908,7 @@ struct st_mysqlnd_stmt { MYSQLND_STMT_DATA * data; struct st_mysqlnd_stmt_methods *m; + zend_bool persistent; }; #endif /* MYSQLND_STRUCTS_H */ -- 2.40.0