Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/ext/mysqli/mysqli_api.c trunk/ext/mysqli/mysqli_api.c

Fri, 09 Sep 2011 21:33:20 -0700 

Laruence,

Is this covered by an existing test?  If not, can you add one?

Chris

On 09/09/2011 08:51 PM, Xinchen Hui wrote:

laruence                                 Sat, 10 Sep 2011 03:51:16 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=316474

Log:
Fixed Bug #55653(PS crash with libmysql when binding same variable as param and 
out)
Actually this caused by attempt to efree a INTERNED string

Bug: https://bugs.php.net/55653 (Open) PS crash with libmysql when binding same 
variable as param and out

Changed paths:
     U   php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c
     U   php/php-src/trunk/ext/mysqli/mysqli_api.c

Modified: php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c        2011-09-10 
01:28:12 UTC (rev 316473)
+++ php/php-src/branches/PHP_5_4/ext/mysqli/mysqli_api.c        2011-09-10 
03:51:16 UTC (rev 316474)
@@ -887,7 +887,7 @@
                        */
                        /* Even if the string is of length zero there is one 
byte alloced so efree() in all cases */
                        if (Z_TYPE_P(stmt->result.vars[i]) == IS_STRING) {
-                               efree(stmt->result.vars[i]->value.str.val);
+                               STR_FREE(stmt->result.vars[i]->value.str.val);
                        }
                        if (!stmt->result.is_null[i]) {
                                switch (stmt->result.buf[i].type) {

Modified: php/php-src/trunk/ext/mysqli/mysqli_api.c
===================================================================
--- php/php-src/trunk/ext/mysqli/mysqli_api.c   2011-09-10 01:28:12 UTC (rev 
316473)
+++ php/php-src/trunk/ext/mysqli/mysqli_api.c   2011-09-10 03:51:16 UTC (rev 
316474)
@@ -887,7 +887,7 @@
                        */
                        /* Even if the string is of length zero there is one 
byte alloced so efree() in all cases */
                        if (Z_TYPE_P(stmt->result.vars[i]) == IS_STRING) {
-                               efree(stmt->result.vars[i]->value.str.val);
+                               STR_FREE(stmt->result.vars[i]->value.str.val);
                        }
                        if (!stmt->result.is_null[i]) {
                                switch (stmt->result.buf[i].type) {






--
Email: christopher.jo...@oracle.com
Tel:  +1 650 506 8630
Blog:  http://blogs.oracle.com/opal/

--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to