Merge branch 'PHP-7.0' into PHP-7.1

laruence · laruence · commit 3f1e9ed8f8a8 · 2016-08-09T11:32:34.000+08:00
* PHP-7.0:
  Fixed bug #72788 (Invalid memory access when using persistent PDO connection)
  Remove typo'd commit
  Fix bug 72788: Invalid memory access when database_object_handle is undefined. Also fix memory leak in dbh_free when using persistent PDO connections.
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
@@ -1499,15 +1499,15 @@ static void dbh_free(pdo_dbh_t *dbh, zend_bool free_persistent)
 {
 	int i;
 
-	if (dbh->is_persistent && !free_persistent) {
-		return;
-	}
-
 	if (dbh->query_stmt) {
 		zval_ptr_dtor(&dbh->query_stmt_zval);
 		dbh->query_stmt = NULL;
 	}
 
+	if (dbh->is_persistent && !free_persistent) {
+		return;
+	}
+
 	if (dbh->methods) {
 		dbh->methods->closer(dbh);
 	}
diff --git a/ext/pdo/tests/bug_72788.phpt b/ext/pdo/tests/bug_72788.phpt
@@ -0,0 +1,33 @@
+--TEST--
+PDO Common: Bug #72788 (Invalid memory access when using persistent PDO connection)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo')) die('skip');
+$dir = getenv('REDIR_TEST_DIR');
+if (false == $dir) die('skip no driver');
+require_once $dir . 'pdo_test.inc';
+PDOTest::skip();
+?>
+--FILE--
+<?php
+if (getenv('REDIR_TEST_DIR') === false) putenv('REDIR_TEST_DIR='.dirname(__FILE__) . '/../../pdo/tests/');
+require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
+
+putenv("PDOTEST_ATTR=" . serialize(array(PDO::ATTR_PERSISTENT => true)));
+
+function test() {
+    $db = PDOTest::factory('PDO', false);
+    $stmt = @$db->query("SELECT 1 FROM TABLE_DOES_NOT_EXIST");
+    if ($stmt === false) {
+        echo "Statement failed as expected\n";
+    }
+}
+
+test();
+test();
+echo "Done";
+?>
+--EXPECT--
+Statement failed as expected
+Statement failed as expected
+Done
diff --git a/ext/pdo/tests/pdo_017.phpt b/ext/pdo/tests/pdo_017.phpt
@@ -16,7 +16,7 @@ try {
 }
 
 if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
-	require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+	require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../pdo_mysql/tests/mysql_pdo_test.inc');
 	if (false === MySQLPDOTest::detect_transactional_mysql_engine($db)) {
 		die('skip your mysql configuration does not support working transactions');
 	}
@@ -29,7 +29,7 @@ require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
 $db = PDOTest::factory();
 
 if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'mysql') {
-	require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+	require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../pdo_mysql/tests/mysql_pdo_test.inc');
 	$suf = ' ENGINE=' . MySQLPDOTest::detect_transactional_mysql_engine($db);
 } else {
 	$suf = '';
diff --git a/ext/pdo_mysql/mysql_statement.c b/ext/pdo_mysql/mysql_statement.c
@@ -88,7 +88,8 @@ static int pdo_mysql_stmt_dtor(pdo_stmt_t *stmt) /* {{{ */
 	}
 #endif
 
-	if (IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
+	if (!Z_ISUNDEF(stmt->database_object_handle)
+		&& IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
 		&& (!(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED))) {
 		while (mysql_more_results(S->H->server)) {
 			MYSQL_RES *res;
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
@@ -61,7 +61,8 @@
 static int pgsql_stmt_dtor(pdo_stmt_t *stmt)
 {
 	pdo_pgsql_stmt *S = (pdo_pgsql_stmt*)stmt->driver_data;
-	zend_bool server_obj_usable = IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
+	zend_bool server_obj_usable = !Z_ISUNDEF(stmt->database_object_handle)
+		&& IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])
 		&& !(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED);
 
 	if (S->result) {

Original file line number	Diff line number	Diff line change
`@@ -1499,15 +1499,15 @@ static void dbh_free(pdo_dbh_t *dbh, zend_bool free_persistent)`
`1499`	`1499`	`{`
`1500`	`1500`	`int i;`
`1501`	`1501`
`1502`		`- if (dbh->is_persistent && !free_persistent) {`
`1503`		`- return;`
`1504`		`- }`
`1505`		`-`
`1506`	`1502`	`if (dbh->query_stmt) {`
`1507`	`1503`	`zval_ptr_dtor(&dbh->query_stmt_zval);`
`1508`	`1504`	`dbh->query_stmt = NULL;`
`1509`	`1505`	`}`
`1510`	`1506`
	`1507`	`+ if (dbh->is_persistent && !free_persistent) {`
	`1508`	`+ return;`
	`1509`	`+ }`
	`1510`	`+`
`1511`	`1511`	`if (dbh->methods) {`
`1512`	`1512`	`dbh->methods->closer(dbh);`
`1513`	`1513`	`}`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,8 @@ static int pdo_mysql_stmt_dtor(pdo_stmt_t stmt) / {{{ */`
`88`	`88`	`}`
`89`	`89`	`#endif`
`90`	`90`
`91`		`- if (IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])`
	`91`	`+ if (!Z_ISUNDEF(stmt->database_object_handle)`
	`92`	`+ && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])`
`92`	`93`	`&& (!(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED))) {`
`93`	`94`	`while (mysql_more_results(S->H->server)) {`
`94`	`95`	`MYSQL_RES *res;`
Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,8 @@`
`61`	`61`	`static int pgsql_stmt_dtor(pdo_stmt_t *stmt)`
`62`	`62`	`{`
`63`	`63`	`pdo_pgsql_stmt S = (pdo_pgsql_stmt)stmt->driver_data;`
`64`		`- zend_bool server_obj_usable = IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])`
	`64`	`+ zend_bool server_obj_usable = !Z_ISUNDEF(stmt->database_object_handle)`
	`65`	`+ && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])`
`65`	`66`	`&& !(GC_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED);`
`66`	`67`
`67`	`68`	`if (S->result) {`