Fix bug #73949 leak in mysqli_fetch_object

3 files changed, 28 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 1a741d118d..a67c069a5a 100644
--- a/NEWS
+++ b/NEWS
@@ -23,6 +23,9 @@ PHP                                                                        NEWS
   . Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
     (Laruence)
 
+- MySQLi:
+  . Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe)
+
 - Mysqlnd:
   . Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
     (Richard Fussenegger)
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index fa55627c0e..481b46c7c4 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -1324,9 +1324,7 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags
 			} else {
 				zval_ptr_dtor(&retval);
 			}
-			if (fci.params) {
-				efree(fci.params);
-			}
+			zend_fcall_info_args_clear(&fci, 1);
 		} else if (ctor_params) {
 			zend_throw_exception_ex(zend_ce_exception, 0, "Class %s does not have a constructor hence you cannot use ctor_params", ZSTR_VAL(ce->name));
 		}
diff --git a/ext/mysqli/tests/bug73949.phpt b/ext/mysqli/tests/bug73949.phpt
new file mode 100644
index 0000000000..7ce311eb77
--- /dev/null
+++ b/ext/mysqli/tests/bug73949.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #73949 (leak in mysqli_fetch_object)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifemb.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+require_once("connect.inc");
+
+class cc{
+    function __construct($c=null){
+    }   
+};
+$i=mysqli_connect('p:'.$host, $user, $passwd, $db);
+$res=mysqli_query($i, "SHOW STATUS LIKE 'Connections'");
+$t=array(new stdClass);
+while($db= mysqli_fetch_object($res,'cc',$t)){}
+print "done!";
+?>
+--EXPECTF--
+done!