php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted" with setAttribute() (#18280)

Browse Source 
Closes #18280
Fixes #18276
This commit is contained in:
Saki Takamachi
2025-04-08 23:32:36 +09:00
parent 701f3a1af6
commit 9d4f8b5379
3 changed files with 51 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@@ -27,6 +27,10 @@ PHP NEWS
(nielsdos)
. Fix potential leaks when writing to BIO fails. (nielsdos)
- PDO Firebird:
. Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted"
with setAttribute() (SakiTakamachi).
- SPL:
. Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory).
(nielsdos)

21
ext/pdo_firebird/firebird_driver.c
View File

@@ -492,13 +492,13 @@ static void firebird_handle_closer(pdo_dbh_t *dbh) /* {{{ */
}
if (H->date_format) {
efree(H->date_format);
pefree(H->date_format, dbh->is_persistent);
}
if (H->time_format) {
efree(H->time_format);
pefree(H->time_format, dbh->is_persistent);
}
if (H->timestamp_format) {
efree(H->timestamp_format);
pefree(H->timestamp_format, dbh->is_persistent);
}
pefree(H, dbh->is_persistent);
@@ -881,9 +881,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
return false;
}
if (H->date_format) {
efree(H->date_format);
pefree(H->date_format, dbh->is_persistent);
H->date_format = NULL;
}
spprintf(&H->date_format, 0, "%s", ZSTR_VAL(str));
H->date_format = pestrndup(ZSTR_VAL(str), ZSTR_LEN(str),dbh->is_persistent);
zend_string_release_ex(str, 0);
}
return true;
@@ -895,9 +896,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
return false;
}
if (H->time_format) {
efree(H->time_format);
pefree(H->time_format, dbh->is_persistent);
H->time_format = NULL;
}
spprintf(&H->time_format, 0, "%s", ZSTR_VAL(str));
H->time_format = pestrndup(ZSTR_VAL(str), ZSTR_LEN(str),dbh->is_persistent);
zend_string_release_ex(str, 0);
}
return true;
@@ -909,9 +911,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
return false;
}
if (H->timestamp_format) {
efree(H->timestamp_format);
pefree(H->timestamp_format, dbh->is_persistent);
H->timestamp_format = NULL;
}
spprintf(&H->timestamp_format, 0, "%s", ZSTR_VAL(str));
H->timestamp_format = pestrndup(ZSTR_VAL(str), ZSTR_LEN(str),dbh->is_persistent);
zend_string_release_ex(str, 0);
}
return true;

35
ext/pdo_firebird/tests/gh18276.phpt Normal file
View File

@@ -0,0 +1,35 @@
--TEST--
GH-18276 (persistent connection - setAttribute(Pdo\Firebird::ATTR_DATE_FORMAT, ..) results in "zend_mm_heap corrupted")
--EXTENSIONS--
pdo_firebird
--SKIPIF--
<?php require('skipif.inc'); ?>
--XLEAK--
A bug in firebird causes a memory leak when calling `isc_attach_database()`.
See https://github.com/FirebirdSQL/firebird/issues/7849
--FILE--
<?php
require("testdb.inc");
unset($dbh);
for ($i = 0; $i < 2; $i++) {
$dbh = new PDO(
PDO_FIREBIRD_TEST_DSN,
PDO_FIREBIRD_TEST_USER,
PDO_FIREBIRD_TEST_PASS,
[
PDO::ATTR_PERSISTENT => true,
],
);
// Avoid interned
$dbh->setAttribute(PDO::FB_ATTR_DATE_FORMAT, str_repeat('Y----m----d', random_int(1, 1)));
$dbh->setAttribute(PDO::FB_ATTR_TIME_FORMAT, str_repeat('H::::i::::s', random_int(1, 1)));
$dbh->setAttribute(PDO::FB_ATTR_TIMESTAMP_FORMAT, str_repeat('Y----m----d....H::::i::::s', random_int(1, 1)));
unset($dbh);
}
echo 'done!';
?>
--EXPECT--
done!