Commit dcf9d8f

committed

Fix phpGH-18494: PDO OCI segfault in statement GC

This is the same issue that was fixed in 2ae897f, but now for OCI. Closes phpGH-18495.

1 parent fb3536f commit dcf9d8fCopy full SHA for dcf9d8f

File tree

+12

-2

lines changed

+12

-2

lines changed

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,9 @@ PHP NEWS`
`25`	`25`	`. Fixed bug GH-18417 (Windows SHM reattachment fails when increasing`
`26`	`26`	`memory_consumption or jit_buffer_size). (nielsdos)`
`27`	`27`
	`28`	`+- PDO_OCI:`
	`29`	`+ . Fixed bug GH-18494 (PDO OCI segfault in statement GC). (nielsdos)`
	`30`	`+`
`28`	`31`	`- SPL:`
`29`	`32`	`. Fixed bug GH-18421 (Integer overflow with large numbers in LimitIterator).`
`30`	`33`	`(nielsdos)`

Lines changed: 9 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -98,14 +98,21 @@ static int oci_stmt_dtor(pdo_stmt_t stmt) / {{{ */`
`98`	`98`	`S->einfo.errmsg = NULL;`
`99`	`99`	`}`
`100`	`100`
	`101`	`+ /* TODO: There's php_pdo_stmt_valid_db_obj_handle in PHP-8.5-dev that does these checks. */`
	`102`	`+ bool server_obj_usable = !Z_ISUNDEF(stmt->database_object_handle)`
	`103`	`+ && IS_OBJ_VALID(EG(objects_store).object_buckets[Z_OBJ_HANDLE(stmt->database_object_handle)])`
	`104`	`+ && !(OBJ_FLAGS(Z_OBJ(stmt->database_object_handle)) & IS_OBJ_FREE_CALLED);`
	`105`	`+`
`101`	`106`	`if (S->cols) {`
`102`	`107`	`for (i = 0; i < stmt->column_count; i++) {`
`103`	`108`	`if (S->cols[i].data) {`
`104`	`109`	`switch (S->cols[i].dtype) {`
`105`	`110`	`case SQLT_BLOB:`
`106`	`111`	`case SQLT_CLOB:`
`107`		`- OCI_TEMPLOB_CLOSE(S->H->env, S->H->svc, S->H->err,`
`108`		`- (OCILobLocator *) S->cols[i].data);`
	`112`	`+ if (server_obj_usable) {`
	`113`	`+ OCI_TEMPLOB_CLOSE(S->H->env, S->H->svc, S->H->err,`
	`114`	`+ (OCILobLocator *) S->cols[i].data);`
	`115`	`+ }`
`109`	`116`	`OCIDescriptorFree(S->cols[i].data, OCI_DTYPE_LOB);`
`110`	`117`	`break;`
`111`	`118`	`default:`

Comments

(0)