diff options
author | Joe Watkins <krakjoe@php.net> | 2017-01-18 18:22:57 +0000 |
---|---|---|
committer | Joe Watkins <krakjoe@php.net> | 2017-01-18 18:22:57 +0000 |
commit | f9226f9bf34233cd6c1fee247c02c6a96d9ef754 (patch) | |
tree | 27b7e1e2157d2f98811578d510a17662d8b9db59 | |
parent | fb8486f3bdd84d92da7c05e6e3c226df71c574da (diff) | |
download | php-git-f9226f9bf34233cd6c1fee247c02c6a96d9ef754.tar.gz |
Fix bug #73949 leak in mysqli_fetch_object
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/mysqli/mysqli.c | 4 | ||||
-rw-r--r-- | ext/mysqli/tests/bug73949.phpt | 24 |
3 files changed, 28 insertions, 3 deletions
@@ -23,6 +23,9 @@ PHP NEWS . Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache). (Laruence) +- MySQLi: + . Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe) + - Mysqlnd: . Fixed bug #69899 (segfault on close() after free_result() with mysqlnd). (Richard Fussenegger) diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c index fa55627c0e..481b46c7c4 100644 --- a/ext/mysqli/mysqli.c +++ b/ext/mysqli/mysqli.c @@ -1324,9 +1324,7 @@ void php_mysqli_fetch_into_hash(INTERNAL_FUNCTION_PARAMETERS, int override_flags } else { zval_ptr_dtor(&retval); } - if (fci.params) { - efree(fci.params); - } + zend_fcall_info_args_clear(&fci, 1); } else if (ctor_params) { zend_throw_exception_ex(zend_ce_exception, 0, "Class %s does not have a constructor hence you cannot use ctor_params", ZSTR_VAL(ce->name)); } diff --git a/ext/mysqli/tests/bug73949.phpt b/ext/mysqli/tests/bug73949.phpt new file mode 100644 index 0000000000..7ce311eb77 --- /dev/null +++ b/ext/mysqli/tests/bug73949.phpt @@ -0,0 +1,24 @@ +--TEST-- +Bug #73949 (leak in mysqli_fetch_object) +--SKIPIF-- +<?php +require_once('skipif.inc'); +require_once('skipifemb.inc'); +require_once('skipifconnectfailure.inc'); +?> +--FILE-- +<?php +require_once("connect.inc"); + +class cc{ + function __construct($c=null){ + } +}; +$i=mysqli_connect('p:'.$host, $user, $passwd, $db); +$res=mysqli_query($i, "SHOW STATUS LIKE 'Connections'"); +$t=array(new stdClass); +while($db= mysqli_fetch_object($res,'cc',$t)){} +print "done!"; +?> +--EXPECTF-- +done! |