From 732f67ee6ff608853a4c1a757e6746b44bb3b125 Mon Sep 17 00:00:00 2001 From: vanviegen Date: Wed, 21 Dec 2016 16:37:17 +0100 Subject: Fix for sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE Fixes bug #73800 news entry for PR #2250 --- NEWS | 2 ++ ext/mysqlnd/mysqlnd_wireprotocol.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 58440bc403..11bcf54b5e 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,8 @@ PHP NEWS - Mysqlnd: . Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem. (Andrey) + . Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE). + (vanviegen) - PCRE: . Fixed bug #73612 (preg_*() may leak memory). (cmb) diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c index 9f2aafab2e..84f363b403 100644 --- a/ext/mysqlnd/mysqlnd_wireprotocol.c +++ b/ext/mysqlnd/mysqlnd_wireprotocol.c @@ -1443,7 +1443,13 @@ php_mysqlnd_read_row_ex(MYSQLND_CONN_DATA * conn, MYSQLND_MEMORY_POOL * result_s zend_bool first_iteration = TRUE; DBG_ENTER("php_mysqlnd_read_row_ex"); - + + /* + * We're allocating 1 extra byte, as php_mysqlnd_rowp_read_text_protocol_aux + * needs to be able to add a terminating \0 for atoi/atof. + */ + prealloc_more_bytes++; + /* To ease the process the server splits everything in packets up to 2^24 - 1. Even in the case the payload is evenly divisible by this value, the last @@ -1451,7 +1457,7 @@ php_mysqlnd_read_row_ex(MYSQLND_CONN_DATA * conn, MYSQLND_MEMORY_POOL * result_s for next one if they have 2^24 - 1 sizes. But just read the header of a zero-length byte, don't read the body, there is no such. */ - + *data_size = prealloc_more_bytes; while (1) { if (FAIL == mysqlnd_read_header(conn->net, &header, conn->stats, conn->error_info)) { -- cgit v1.2.1