From de4a5156e69fe4b5de6ff3146ff4a50f2dec5abb Mon Sep 17 00:00:00 2001
From: Andrey Hristov <andrey@php.net>
Date: Mon, 3 May 2010 14:16:04 +0000
Subject: [PATCH] Handle OOM when resizing blocks during data fetch

---
 ext/mysqlnd/mysqlnd_block_alloc.c  | 10 ++++++++--
 ext/mysqlnd/mysqlnd_structs.h      |  2 +-
 ext/mysqlnd/mysqlnd_wireprotocol.c |  6 +++++-
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ext/mysqlnd/mysqlnd_block_alloc.c b/ext/mysqlnd/mysqlnd_block_alloc.c
index 41c3af6f06..498d4b390b 100644
--- a/ext/mysqlnd/mysqlnd_block_alloc.c
+++ b/ext/mysqlnd/mysqlnd_block_alloc.c
@@ -53,7 +53,7 @@ mysqlnd_mempool_free_chunk(MYSQLND_MEMORY_POOL_CHUNK * chunk, zend_bool cache_it
 
 
 /* {{{ mysqlnd_mempool_resize_chunk */
-static void
+static enum_func_status
 mysqlnd_mempool_resize_chunk(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int size TSRMLS_DC)
 {
 	DBG_ENTER("mysqlnd_mempool_resize_chunk");
@@ -68,6 +68,9 @@ mysqlnd_mempool_resize_chunk(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int siz
 			if ((chunk->size + pool->free_size) < size) {
 				zend_uchar *new_ptr;
 				new_ptr = mnd_malloc(size);
+				if (!new_ptr) {
+					DBG_RETURN(FAIL);
+				}
 				memcpy(new_ptr, chunk->ptr, chunk->size);
 				chunk->ptr = new_ptr;
 				pool->free_size += chunk->size;
@@ -85,6 +88,9 @@ mysqlnd_mempool_resize_chunk(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int siz
 			} else {
 				zend_uchar *new_ptr;
 				new_ptr = mnd_malloc(size);
+				if (!new_ptr) {
+					DBG_RETURN(FAIL);
+				}
 				memcpy(new_ptr, chunk->ptr, chunk->size);
 				chunk->ptr = new_ptr;
 				chunk->size = size;
@@ -95,7 +101,7 @@ mysqlnd_mempool_resize_chunk(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int siz
 	} else {
 		chunk->ptr = mnd_realloc(chunk->ptr, size);
 	}
-	DBG_VOID_RETURN;
+	DBG_RETURN(PASS);
 }
 /* }}} */
 
diff --git a/ext/mysqlnd/mysqlnd_structs.h b/ext/mysqlnd/mysqlnd_structs.h
index 401c3b0454..a74d7d6d2b 100644
--- a/ext/mysqlnd/mysqlnd_structs.h
+++ b/ext/mysqlnd/mysqlnd_structs.h
@@ -48,7 +48,7 @@ struct st_mysqlnd_memory_pool_chunk
 	MYSQLND_MEMORY_POOL	*pool;
 	zend_uchar			*ptr;
 	unsigned int		size;
-	void				(*resize_chunk)(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int size TSRMLS_DC);
+	enum_func_status	(*resize_chunk)(MYSQLND_MEMORY_POOL_CHUNK * chunk, unsigned int size TSRMLS_DC);
 	void				(*free_chunk)(MYSQLND_MEMORY_POOL_CHUNK * chunk, zend_bool cache_it TSRMLS_DC);
 	zend_bool			from_pool;
 };
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 3eb9159227..6e0adf5620 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -1149,7 +1149,11 @@ php_mysqlnd_read_row_ex(MYSQLND * conn, MYSQLND_MEMORY_POOL * result_set_memory_
 			  We need a trailing \0 for the last string, in case of text-mode,
 			  to be able to implement read-only variables.
 			*/
-			(*buffer)->resize_chunk((*buffer), *data_size + 1 TSRMLS_CC);
+			if (FAIL == (*buffer)->resize_chunk((*buffer), *data_size + 1 TSRMLS_CC)) {
+				SET_OOM_ERROR(conn->error_info);
+				ret = FAIL;
+				break;
+			}
 			/* The position could have changed, recalculate */
 			p = (*buffer)->ptr + (*data_size - header.size);
 		}
-- 
2.40.0