diff options
author | Remi Collet <remi@php.net> | 2014-02-27 08:45:16 +0100 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2014-02-27 08:45:16 +0100 |
commit | 9137acc7ecdf1542fe6fda5056a0273359682735 (patch) | |
tree | a7d448f83390b238fcd44923935fa06c24807e21 | |
parent | bd961f3e873f71c1408111da065d94cd0c6527d9 (diff) | |
download | php-git-9137acc7ecdf1542fe6fda5056a0273359682735.tar.gz |
Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
Each new mysqli_stmt now increase the refcount of the link object.
So the link is really destroy after all statements.
Only implemented with libmysqlclient, as mysqlnd already implement
this internally.
So, libmysqlclient and mysqlnd have the same behavior.
-rw-r--r-- | ext/mysqli/mysqli.c | 9 | ||||
-rw-r--r-- | ext/mysqli/mysqli_api.c | 8 | ||||
-rw-r--r-- | ext/mysqli/php_mysqli_structs.h | 4 |
3 files changed, 20 insertions, 1 deletions
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c index 4e4ed5b2ab..cbeb18349e 100644 --- a/ext/mysqli/mysqli.c +++ b/ext/mysqli/mysqli.c @@ -176,8 +176,11 @@ void php_clear_stmt_bind(MY_STMT *stmt TSRMLS_DC) php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE); /* Clean output bind */ php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT); -#endif + if (stmt->link_handle) { + zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC); + } +#endif if (stmt->query) { efree(stmt->query); } @@ -1055,6 +1058,10 @@ PHP_FUNCTION(mysqli_stmt_construct) efree(stmt); RETURN_FALSE; } +#ifndef MYSQLI_USE_MYSQLND + stmt->link_handle = Z_OBJ_HANDLE(*mysql_link); + zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC); +#endif mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->ptr = (void *)stmt; diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c index 1dbff8712b..0b28a43ba7 100644 --- a/ext/mysqli/mysqli_api.c +++ b/ext/mysqli/mysqli_api.c @@ -1840,6 +1840,10 @@ PHP_FUNCTION(mysqli_prepare) efree(stmt); RETURN_FALSE; } +#ifndef MYSQLI_USE_MYSQLND + stmt->link_handle = Z_OBJ_HANDLE(*mysql_link); + zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC); +#endif mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->ptr = (void *)stmt; @@ -2368,6 +2372,10 @@ PHP_FUNCTION(mysqli_stmt_init) efree(stmt); RETURN_FALSE; } +#ifndef MYSQLI_USE_MYSQLND + stmt->link_handle = Z_OBJ_HANDLE(*mysql_link); + zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC); +#endif mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE)); mysqli_resource->status = MYSQLI_STATUS_INITIALIZED; diff --git a/ext/mysqli/php_mysqli_structs.h b/ext/mysqli/php_mysqli_structs.h index d652592707..d2fb34b908 100644 --- a/ext/mysqli/php_mysqli_structs.h +++ b/ext/mysqli/php_mysqli_structs.h @@ -116,6 +116,10 @@ typedef struct { BIND_BUFFER param; BIND_BUFFER result; char *query; +#ifndef MYSQLI_USE_MYSQLND + /* used to manage refcount with libmysql (already implement in mysqlnd) */ + zend_object_handle link_handle; +#endif } MY_STMT; typedef struct { |