From bc419fee5c9704eb4ce338acacbc2380c6f4427d Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Sat, 13 Feb 2016 15:17:51 +0100 Subject: FIx bug #71569 convert_to_string() may result in an interned string. --- NEWS | 3 +++ ext/pdo_mysql/mysql_driver.c | 26 +++++++++++++------------- ext/pdo_mysql/tests/bug71569.phpt | 23 +++++++++++++++++++++++ 3 files changed, 39 insertions(+), 13 deletions(-) create mode 100644 ext/pdo_mysql/tests/bug71569.phpt diff --git a/NEWS b/NEWS index a13c4b2d54..e551a97e08 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ PHP NEWS . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup). (Matt Haught, Remi) +- PDO MySQL: + . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita) + - Standard: . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) diff --git a/ext/pdo_mysql/mysql_driver.c b/ext/pdo_mysql/mysql_driver.c index 003a0c33be..e82fdf46db 100644 --- a/ext/pdo_mysql/mysql_driver.c +++ b/ext/pdo_mysql/mysql_driver.c 
@@ -658,31 +658,31 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ init_cmd = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_INIT_COMMAND, NULL TSRMLS_CC); if (init_cmd) { if (mysql_options(H->server, MYSQL_INIT_COMMAND, (const char *)init_cmd)) { - efree(init_cmd); + str_efree(init_cmd); pdo_mysql_error(dbh); goto cleanup; } - efree(init_cmd); + str_efree(init_cmd); } #ifndef PDO_USE_MYSQLND default_file = pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_FILE, NULL TSRMLS_CC); if (default_file) { if (mysql_options(H->server, MYSQL_READ_DEFAULT_FILE, (const char *)default_file)) { - efree(default_file); + str_efree(default_file); pdo_mysql_error(dbh); goto cleanup; } - efree(default_file); + str_efree(default_file); } default_group= pdo_attr_strval(driver_options, PDO_MYSQL_ATTR_READ_DEFAULT_GROUP, NULL TSRMLS_CC); if (default_group) { if (mysql_options(H->server, MYSQL_READ_DEFAULT_GROUP, (const char *)default_group)) { - efree(default_group); + str_efree(default_group); pdo_mysql_error(dbh); goto cleanup; } - efree(default_group); + str_efree(default_group); } #endif compress = pdo_attr_lval(driver_options, PDO_MYSQL_ATTR_COMPRESS, 0 TSRMLS_CC); @@ -702,19 +702,19 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ if (ssl_key || ssl_cert || ssl_ca || ssl_capath || ssl_cipher) { mysql_ssl_set(H->server, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher); if (ssl_key) { - efree(ssl_key); + str_efree(ssl_key); } if (ssl_cert) { - efree(ssl_cert); + str_efree(ssl_cert); } if (ssl_ca) { - efree(ssl_ca); + str_efree(ssl_ca); } if (ssl_capath) { - efree(ssl_capath); + str_efree(ssl_capath); } if (ssl_cipher) { - efree(ssl_cipher); + str_efree(ssl_cipher); } } 
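Review bot: Nothing in the new code says why these frees must be `str_efree` rather than `efree`, so the next option string added to pdo_mysql_handle_factory can quietly reintroduce the invalid free of an interned string. This applies to the init_cmd, default_file and default_group blocks in this hunk and equally to the ssl_* and public_key blocks in the two later hunks. I would add a comment at the first call site, e.g. `/* pdo_attr_strval() may return an interned string (bug #71569): release with str_efree(), never efree() */`. The patch touches only mysql_driver.c, so if pdo_attr_strval has callers in other drivers that still release the result with `efree`, they presumably carry the same crash and should be checked. The function's body starts and ends outside these hunks.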
@@ -724,10 +724,10 @@ static int pdo_mysql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ if (public_key) { if (mysql_options(H->server, MYSQL_SERVER_PUBLIC_KEY, public_key)) { pdo_mysql_error(dbh); - efree(public_key); + str_efree(public_key); goto cleanup; } - efree(public_key); + str_efree(public_key); } } #endif diff --git a/ext/pdo_mysql/tests/bug71569.phpt b/ext/pdo_mysql/tests/bug71569.phpt new file mode 100644 index 0000000000..3ace1e98bf --- /dev/null +++ b/ext/pdo_mysql/tests/bug71569.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #70389 (PDO constructor changes unrelated variables) +--SKIPIF-- + +--FILE-- + null, + ]); +} catch (PDOException $e) { + echo $e->getMessage(); +} + +?> +--EXPECT-- +SQLSTATE[42000] [1065] Query was empty -- cgit v1.2.1
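Review bot: The `--TEST--` title in the new bug71569.phpt still reads `Bug #70389 (PDO constructor changes unrelated variables)`, although the file name and the NEWS entry refer to #71569. It should name the bug it guards, e.g. `Bug #71569 (#70389 fix causes segmentation fault)`, so a failing run points at the right report. As far as the visible lines show, the test passes a single null-valued option and expects `Query was empty`, which exercises only one of the nine strings now released with `str_efree`. The default_file/default_group, ssl_* and public_key paths appear to stay uncovered. Part of the PHP body and the `--SKIPIF--` section are missing from this rendering, so confirm both against the file.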