andrey Thu May 28 16:35:17 2009 UTC
Modified files:
/php-src/ext/mysqlnd mysqlnd_palloc.c mysqlnd_ps.c
mysqlnd_ps_codec.c mysqlnd_result.c
Log:
Fix a problem with cursors, which did not happen with unbuffered PS for
some reason. Double free of the data, which led to valgrind warnigns.
The fix actually optimizes the code in this cases because the old code
used copy_ctor while the new one skips it because it is not needed.
Transferring data ownership and nulling works best, for PS where we
always copy the string from the result set, unlike the text protocol.
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqlnd/mysqlnd_palloc.c?r1=1.17&r2=1.18&diff_format=u
Index: php-src/ext/mysqlnd/mysqlnd_palloc.c
diff -u php-src/ext/mysqlnd/mysqlnd_palloc.c:1.17
php-src/ext/mysqlnd/mysqlnd_palloc.c:1.18
--- php-src/ext/mysqlnd/mysqlnd_palloc.c:1.17 Fri Mar 27 19:50:56 2009
+++ php-src/ext/mysqlnd/mysqlnd_palloc.c Thu May 28 16:35:16 2009
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mysqlnd_palloc.c,v 1.17 2009/03/27 19:50:56 felipe Exp $ */
+/* $Id: mysqlnd_palloc.c,v 1.18 2009/05/28 16:35:16 andrey Exp $ */
#include "php.h"
#include "mysqlnd.h"
#include "mysqlnd_priv.h"
@@ -497,9 +497,14 @@
*(thd_cache->gc_list.last_added++) = (mysqlnd_zval *)*zv;
UNLOCK_PCACHE(cache);
} else {
+ DBG_INF("No user reference");
/* No user reference */
if (((mysqlnd_zval *)*zv)->point_type ==
MYSQLND_POINTS_EXT_BUFFER) {
- /* PS are here and also in Unicode mode, for non-binary
*/
+ DBG_INF("Points to external buffer. Calling zval_dtor");
+ /*
+ PS are here
+ Unicode mode goes also here if the column is not
binary but a text
+ */
zval_dtor(*zv);
}
LOCK_PCACHE(cache);
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqlnd/mysqlnd_ps.c?r1=1.27&r2=1.28&diff_format=u
Index: php-src/ext/mysqlnd/mysqlnd_ps.c
diff -u php-src/ext/mysqlnd/mysqlnd_ps.c:1.27
php-src/ext/mysqlnd/mysqlnd_ps.c:1.28
--- php-src/ext/mysqlnd/mysqlnd_ps.c:1.27 Mon Feb 16 17:25:37 2009
+++ php-src/ext/mysqlnd/mysqlnd_ps.c Thu May 28 16:35:16 2009
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mysqlnd_ps.c,v 1.27 2009/02/16 17:25:37 johannes Exp $ */
+/* $Id: mysqlnd_ps.c,v 1.28 2009/05/28 16:35:16 andrey Exp $ */
#include "php.h"
#include "mysqlnd.h"
#include "mysqlnd_wireprotocol.h"
@@ -536,12 +536,14 @@
stmt->upsert_status.server_status & SERVER_STATUS_CURSOR_EXISTS);
if (stmt->upsert_status.server_status &
SERVER_STATUS_CURSOR_EXISTS) {
+ DBG_INF("cursor exists");
stmt->cursor_exists = TRUE;
CONN_SET_STATE(conn, CONN_READY);
/* Only cursor read */
stmt->default_rset_handler =
stmt->m->use_result;
DBG_INF("use_result");
} else if (stmt->flags & CURSOR_TYPE_READ_ONLY) {
+ DBG_INF("asked for cursor but got none");
/*
We have asked for CURSOR but got no cursor,
because the condition
above is not fulfilled. Then...
@@ -556,6 +558,7 @@
stmt->default_rset_handler =
stmt->m->store_result;
DBG_INF("store_result");
} else {
+ DBG_INF("no cursor");
/* preferred is unbuffered read */
stmt->default_rset_handler =
stmt->m->use_result;
DBG_INF("use_result");
@@ -853,15 +856,10 @@
stmt->result_bind[i].zv has been
already destructed
in mysqlnd_unbuffered_free_last_data()
*/
-
#ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF
zval_dtor(stmt->result_bind[i].zv);
#endif
if (IS_NULL !=
(Z_TYPE_P(stmt->result_bind[i].zv) = Z_TYPE_P(data)) ) {
- stmt->result_bind[i].zv->value
= data->value;
-#ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF
-
zval_copy_ctor(stmt->result_bind[i].zv);
-#endif
if (
(Z_TYPE_P(data) ==
IS_STRING
#if PHP_MAJOR_VERSION >= 6
@@ -872,6 +870,9 @@
{
result->meta->fields[i].max_length = Z_STRLEN_P(data);
}
+ stmt->result_bind[i].zv->value
= data->value;
+ // copied data, thus also the
ownership. Thus null data
+ ZVAL_NULL(data);
}
}
}
@@ -888,14 +889,15 @@
row_packet->row_buffer = NULL;
}
} else if (ret == FAIL) {
+ *fetched_anything = FALSE;
if (row_packet->error_info.error_no) {
stmt->conn->error_info = row_packet->error_info;
stmt->error_info = row_packet->error_info;
}
- *fetched_anything = FALSE;
CONN_SET_STATE(result->conn, CONN_READY);
result->unbuf->eof_reached = TRUE; /* so next time we won't get
an error */
} else if (row_packet->eof) {
+ *fetched_anything = FALSE;
DBG_INF("EOF");
/* Mark the connection as usable again */
result->unbuf->eof_reached = TRUE;
@@ -910,7 +912,6 @@
} else {
CONN_SET_STATE(result->conn, CONN_READY);
}
- *fetched_anything = FALSE;
}
DBG_INF_FMT("ret=%s fetched_anything=%d", ret == PASS? "PASS":"FAIL",
*fetched_anything);
@@ -944,7 +945,8 @@
MYSQLND_INC_CONN_STATISTIC(&stmt->conn->stats, STAT_PS_UNBUFFERED_SETS);
result = stmt->result;
-
+
+ DBG_INF_FMT("%scursor exists", stmt->cursor_exists? "":"no ");
result->m.use_result(stmt->result, TRUE TSRMLS_CC);
result->m.fetch_row = stmt->cursor_exists?
mysqlnd_fetch_stmt_row_cursor:
mysqlnd_stmt_fetch_row_unbuffered;
@@ -1002,15 +1004,19 @@
if (PASS == (ret = PACKET_READ(row_packet, result->conn)) &&
!row_packet->eof) {
unsigned int i, field_count = result->field_count;
- mysqlnd_unbuffered_free_last_data(result TSRMLS_CC);
+ result->unbuf->row_count++;
+ *fetched_anything = TRUE;
- result->unbuf->last_row_data = row_packet->fields;
- result->unbuf->last_row_buffer = row_packet->row_buffer;
+ DBG_INF_FMT("skip_extraction=%d", row_packet->skip_extraction);
+ if (!row_packet->skip_extraction) {
+ mysqlnd_unbuffered_free_last_data(result TSRMLS_CC);
+ DBG_INF("extracting data");
+ result->unbuf->last_row_data = row_packet->fields;
+ result->unbuf->last_row_buffer = row_packet->row_buffer;
+ row_packet->fields = NULL;
+ row_packet->row_buffer = NULL;
- row_packet->fields = NULL;
- row_packet->row_buffer = NULL;
- if (!row_packet->skip_extraction) {
result->m.row_decoder(result->unbuf->last_row_buffer,
result->unbuf->last_row_data,
row_packet->field_count,
@@ -1025,12 +1031,12 @@
stmt->result_bind[i].zv has been
already destructed
in mysqlnd_unbuffered_free_last_data()
*/
- DBG_INF_FMT("i=%d type=%d", i,
Z_TYPE_P(stmt->result_bind[i].zv));
- if (IS_NULL !=
(Z_TYPE_P(stmt->result_bind[i].zv) = Z_TYPE_P(data)) ) {
- stmt->result_bind[i].zv->value
= data->value;
-#ifdef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF
-
zval_copy_ctor(stmt->result_bind[i].zv);
+#ifndef WE_DONT_COPY_IN_BUFFERED_AND_UNBUFFERED_BECAUSEOF_IS_REF
+ zval_dtor(stmt->result_bind[i].zv);
#endif
+ DBG_INF_FMT("i=%d bound_var=%p type=%d
refc=%u", i, stmt->result_bind[i].zv,
+ Z_TYPE_P(data),
Z_REFCOUNT_P(stmt->result_bind[i].zv));
+ if (IS_NULL !=
(Z_TYPE_P(stmt->result_bind[i].zv) = Z_TYPE_P(data))) {
if ((Z_TYPE_P(data) == IS_STRING
#if PHP_MAJOR_VERSION >= 6
|| Z_TYPE_P(data) ==
IS_UNICODE
@@ -1040,12 +1046,23 @@
{
result->meta->fields[i].max_length = Z_STRLEN_P(data);
}
+ stmt->result_bind[i].zv->value
= data->value;
+ // copied data, thus also the
ownership. Thus null data
+ ZVAL_NULL(data);
}
}
}
+ } else {
+ DBG_INF("skipping extraction");
+ /*
+ Data has been allocated and usually
mysqlnd_unbuffered_free_last_data()
+ frees it but we can't call this function as it will
cause problems with
+ the bound variables. Thus we need to do part of what
it does or Zend will
+ report leaks.
+ */
+
row_packet->row_buffer->free_chunk(row_packet->row_buffer, TRUE TSRMLS_CC);
+ row_packet->row_buffer = NULL;
}
- result->unbuf->row_count++;
- *fetched_anything = TRUE;
/* We asked for one row, the next one should be EOF, eat it */
ret = PACKET_READ(row_packet, result->conn);
if (row_packet->row_buffer) {
@@ -1491,7 +1508,8 @@
stmt->result_bind = result_bind;
for (i = 0; i < stmt->field_count; i++) {
/* Prevent from freeing */
- Z_ADDREF_P(stmt->result_bind[i].zv);
+ Z_ADDREF_P(stmt->result_bind[i].zv);
+ DBG_INF_FMT("ref of %p = %u", stmt->result_bind[i].zv,
Z_REFCOUNT_P(stmt->result_bind[i].zv));
/*
Don't update is_ref !!! it's not our job
Otherwise either 009.phpt or
mysqli_stmt_bind_result.phpt
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqlnd/mysqlnd_ps_codec.c?r1=1.16&r2=1.17&diff_format=u
Index: php-src/ext/mysqlnd/mysqlnd_ps_codec.c
diff -u php-src/ext/mysqlnd/mysqlnd_ps_codec.c:1.16
php-src/ext/mysqlnd/mysqlnd_ps_codec.c:1.17
--- php-src/ext/mysqlnd/mysqlnd_ps_codec.c:1.16 Fri Mar 27 19:28:26 2009
+++ php-src/ext/mysqlnd/mysqlnd_ps_codec.c Thu May 28 16:35:16 2009
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mysqlnd_ps_codec.c,v 1.16 2009/03/27 19:28:26 felipe Exp $ */
+/* $Id: mysqlnd_ps_codec.c,v 1.17 2009/05/28 16:35:16 andrey Exp $ */
#include "php.h"
#include "mysqlnd.h"
#include "mysqlnd_wireprotocol.h"
@@ -405,12 +405,14 @@
DBG_ENTER("ps_fetch_string");
DBG_INF_FMT("len = %lu", length);
#if PHP_MAJOR_VERSION < 6
+ DBG_INF("copying from the row buffer");
ZVAL_STRINGL(zv, (char *)*row, length, 1);
#else
if (field->charsetnr == MYSQLND_BINARY_CHARSET_NR) {
DBG_INF("Binary charset");
ZVAL_STRINGL(zv, (char *)*row, length, 1);
} else {
+ DBG_INF_FMT("copying from the row buffer");
ZVAL_UTF8_STRINGL(zv, (char*)*row, length, ZSTR_DUPLICATE);
}
#endif
http://cvs.php.net/viewvc.cgi/php-src/ext/mysqlnd/mysqlnd_result.c?r1=1.31&r2=1.32&diff_format=u
Index: php-src/ext/mysqlnd/mysqlnd_result.c
diff -u php-src/ext/mysqlnd/mysqlnd_result.c:1.31
php-src/ext/mysqlnd/mysqlnd_result.c:1.32
--- php-src/ext/mysqlnd/mysqlnd_result.c:1.31 Thu May 28 11:47:15 2009
+++ php-src/ext/mysqlnd/mysqlnd_result.c Thu May 28 16:35:16 2009
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: mysqlnd_result.c,v 1.31 2009/05/28 11:47:15 andrey Exp $ */
+/* $Id: mysqlnd_result.c,v 1.32 2009/05/28 16:35:16 andrey Exp $ */
#include "php.h"
#include "mysqlnd.h"
#include "mysqlnd_wireprotocol.h"
@@ -143,10 +143,13 @@
DBG_VOID_RETURN;
}
+ DBG_INF_FMT("last_row_data=%p", unbuf->last_row_data);
if (unbuf->last_row_data) {
unsigned int i, ctor_called_count = 0;
zend_bool copy_ctor_called;
MYSQLND_STATS *global_stats = result->conn?
&result->conn->stats:NULL;
+
+ DBG_INF_FMT("%u columns to free", result->field_count);
for (i = 0; i < result->field_count; i++) {
mysqlnd_palloc_zval_ptr_dtor(&(unbuf->last_row_data[i]),
result->zval_cache, result->type,
@@ -155,6 +158,7 @@
ctor_called_count++;
}
}
+ DBG_INF_FMT("copy_ctor_called_count=%u", ctor_called_count);
/* By using value3 macros we hold a mutex only once, there is
no value2 */
MYSQLND_INC_CONN_STATISTIC_W_VALUE3(global_stats,
STAT_COPY_ON_WRITE_PERFORMED,
@@ -168,6 +172,7 @@
unbuf->last_row_data = NULL;
}
if (unbuf->last_row_buffer) {
+ DBG_INF("Freeing last row buffer");
/* Nothing points to this buffer now, free it */
unbuf->last_row_buffer->free_chunk(unbuf->last_row_buffer, TRUE
TSRMLS_CC);
unbuf->last_row_buffer = NULL;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
