From ce0ea97850f342ce25bd03b9938c489e93ac4247 Mon Sep 17 00:00:00 2001
From: Andrey Hristov
Date: Fri, 14 May 2010 13:04:33 +0000
Subject: [PATCH] OOM fixes
---
 ext/mysqlnd/mysqlnd_net.c | 2 +-
 ext/mysqlnd/mysqlnd_ps.c | 17 ++++++++++-------
 ext/mysqlnd/mysqlnd_wireprotocol.c | 10 +++++++++-
 3 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/ext/mysqlnd/mysqlnd_net.c b/ext/mysqlnd/mysqlnd_net.c
index 43ef152dda..5a3fda5e98 100644
--- a/ext/mysqlnd/mysqlnd_net.c
+++ b/ext/mysqlnd/mysqlnd_net.c
@@ -942,7 +942,7 @@ PHPAPI void ** _mysqlnd_plugin_get_plugin_net_data(const MYSQLND_NET * net, unsi
 /* }}} */
-/* {{{ mysqlnd_res_meta_get_methods */
+/* {{{ mysqlnd_net_get_methods */
 PHPAPI struct st_mysqlnd_net_methods * mysqlnd_net_get_methods()
 {
diff --git a/ext/mysqlnd/mysqlnd_ps.c b/ext/mysqlnd/mysqlnd_ps.c
index 778663b08a..1c7f60dd57 100644
--- a/ext/mysqlnd/mysqlnd_ps.c
+++ b/ext/mysqlnd/mysqlnd_ps.c
@@ -237,21 +237,24 @@ mysqlnd_stmt_skip_metadata(MYSQLND_STMT * s TSRMLS_DC)
 MYSQLND_STMT_DATA * stmt = s->data;
 /* Follows parameter metadata, we have just to skip it, as libmysql does */
 unsigned int i = 0;
- enum_func_status ret = PASS;
+ enum_func_status ret = FAIL;
 MYSQLND_PACKET_RES_FIELD * field_packet;
 DBG_ENTER("mysqlnd_stmt_skip_metadata");
 DBG_INF_FMT("stmt=%lu", stmt->stmt_id);
 field_packet = stmt->conn->protocol->m.get_result_field_packet(stmt->conn->protocol, FALSE TSRMLS_CC);
- field_packet->skip_parsing = TRUE;
- for (;i < stmt->param_count; i++) {
- if (FAIL == PACKET_READ(field_packet, stmt->conn)) {
- ret = FAIL;
- break;
+ if (field_packet) {
+ ret = PASS;
+ field_packet->skip_parsing = TRUE;
+ for (;i < stmt->param_count; i++) {
+ if (FAIL == PACKET_READ(field_packet, stmt->conn)) {
+ ret = FAIL;
+ break;
+ }
 }
+ PACKET_FREE(field_packet);
 }
- PACKET_FREE(field_packet);
 DBG_RETURN(ret);
 }
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 39a3c94b04..5b1bca906e 100644
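Review bot: When `get_result_field_packet` returns NULL, `mysqlnd_stmt_skip_metadata` now returns FAIL without recording a reason, whereas the allocation checks this same commit adds in mysqlnd_wireprotocol.c call `SET_OOM_ERROR(conn->error_info)` before returning. A caller that reports the connection's error state after FAIL would then see whatever was stored there earlier, which makes an out-of-memory condition hard to tell apart from a protocol failure. Closing the new `if (field_packet)` block with `} else { SET_OOM_ERROR(stmt->conn->error_info); }` would keep the two paths consistent, assuming `stmt->conn` carries the same `error_info` member used there. The function's signature and opening brace are outside the hunk.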
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -1024,6 +1024,10 @@ php_mysqlnd_rset_field_read(void *_packet, MYSQLND *conn TSRMLS_DC)
 BAIL_IF_NO_MORE_DATA;
 DBG_INF_FMT("Def found, length %lu, persistent=%d", len, packet->persistent_alloc);
 meta->def = mnd_pemalloc(len + 1, packet->persistent_alloc);
+ if (!meta->def) {
+ SET_OOM_ERROR(conn->error_info);
+ DBG_RETURN(FAIL);
+ }
 memcpy(meta->def, p, len);
 meta->def[len] = '\0';
 meta->def_length = len;
@@ -1032,6 +1036,11 @@ php_mysqlnd_rset_field_read(void *_packet, MYSQLND *conn TSRMLS_DC)
 DBG_INF_FMT("allocing root. persistent=%d", packet->persistent_alloc);
 root_ptr = meta->root = mnd_pemalloc(total_len, packet->persistent_alloc);
+ if (!root_ptr) {
+ SET_OOM_ERROR(conn->error_info);
+ DBG_RETURN(FAIL);
+ }
+ meta->root_len = total_len;
 /* Now do allocs */
 if (meta->catalog && meta->catalog != mysqlnd_empty_string) {
@@ -1100,7 +1109,6 @@ static void php_mysqlnd_rset_field_free_mem(void *_packet, zend_bool alloca TSRMLS_DC)
 {
 MYSQLND_PACKET_RES_FIELD *p= (MYSQLND_PACKET_RES_FIELD *) _packet;
- /* p->metadata was passed to us as temporal buffer */
 if (!alloca) {
 mnd_pefree(p, p->header.persistent);
-- 2.40.0
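Review bot: The new NULL check covers the allocation, but `len` in `memcpy(meta->def, p, len)` comes from the server's packet and nothing visible in this hunk bounds it by the bytes left in the receive buffer. `BAIL_IF_NO_MORE_DATA` sits before the copy and, going by its name, tests the current read position rather than `p + len`. If no such bound exists earlier in `php_mysqlnd_rset_field_read` (its body starts and ends outside the hunk), a malformed field packet could make the copy read past the buffer, and `len + 1` could wrap the allocation size. I would add the bound before the allocation and document it with `/* len comes from the wire: reject it if it exceeds the bytes remaining in the packet */`.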
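Review bot: The early `DBG_RETURN(FAIL)` after the failed `root` allocation leaves `meta->def`, allocated a few lines earlier in the same function, still attached to `meta`. The string fields such as `meta->catalog` have also not yet been copied into `root`, since that happens under `/* Now do allocs */`, so they presumably still refer to the packet buffer. Whether the caller frees `meta->def` and ignores those fields after FAIL is not visible here; if it does not, this path leaks under memory pressure or leaves stale pointers behind. Either release it before returning, `if (meta->def) { mnd_pefree(meta->def, packet->persistent_alloc); meta->def = NULL; }`, or add a comment at the return naming the cleanup path that owns it.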