Fix #79038: PDOStatement::nextRowset() leaks column values #5033
Closed
cmb69 wants to merge 1 commit into php:PHP-7.3 from
Firstly, we must not rely on `stmt->column_count` when freeing the driver specific column values, but rather store the column count in the driver data. Since the column count is a `short`, 16 bits are sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`. Furthermore, we must not allocate new column value storage when the statement is not executed, but rather when the column value storage has not been allocated. Finally, we have to introduce a driver specific `cursor_closer` to avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then frees the column value storage, because it may be still needed for bound columns.
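The first two points of the description above, as an added example that is not code from this PR or from php-src: a simplified model in which every name (`stmt`, `drv_stmt`, `alloc_cols`, `free_cols`) is hypothetical. It assumes the generic layer's column count already describes the next rowset by the time the driver frees its per-column buffers, and compares freeing by that count with freeing by a count kept next to the storage.

```c
#include <stdlib.h>
/* Simplified model; every name here is hypothetical, not php-src code. */
static int live_buffers;              /* column buffers currently allocated */

typedef struct {
    char **cols;                      /* driver-side column value storage */
    short col_count;                  /* count the storage was sized for */
} drv_stmt;
typedef struct {
    int column_count;                 /* generic layer's count, changes per rowset */
    drv_stmt drv;
} stmt;

static void alloc_cols(stmt *s, int n) {
    if (s->drv.cols) return;          /* allocate only if storage is absent */
    s->drv.cols = calloc((size_t)n, sizeof(char *));
    if (!s->drv.cols) abort();
    for (int i = 0; i < n; i++) {
        if (!(s->drv.cols[i] = malloc(64))) abort();
        live_buffers++;
    }
    s->drv.col_count = (short)n;
}

/* Frees the storage; returns how many column buffers were released. */
static int free_cols(stmt *s, int use_driver_count) {
    int n = use_driver_count ? s->drv.col_count : s->column_count;
    for (int i = 0; i < n; i++) { free(s->drv.cols[i]); live_buffers--; }
    free(s->drv.cols);
    s->drv.cols = NULL; s->drv.col_count = 0;
    return n;
}

/* Constructed scenario: 3-column rowset, then a 1-column rowset.
   Returns the number of buffers still allocated after the free. */
static int leaked_after_next_rowset(int use_driver_count) {
    stmt s = {0};
    char *seen[3];
    live_buffers = 0;
    s.column_count = 3;
    alloc_cols(&s, 3);
    alloc_cols(&s, 3);                /* second call is a no-op */
    for (int i = 0; i < 3; i++) seen[i] = s.drv.cols[i];
    s.column_count = 1;               /* generic count now describes the new rowset */
    int freed = free_cols(&s, use_driver_count);
    int leaked = live_buffers;
    for (int i = freed; i < 3; i++) free(seen[i]);   /* reclaim for the demo */
    return leaked;
}
int main(void) { return leaked_after_next_rowset(1); }
```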
Member
Author
Would be great if someone having a PDO_ODBC setup on Linux could check with valgrind. Also, testing with other backends than SQLServer would be nice.
Member
Author
I've checked with ASan and MSVCRT debug builds (PHP-7.4, SQLServer), and apparently there are no memory corruption issues. Would be nice to have some additional testing for other environments/backends. Thanks!
Member
Author
If there are no objections, I'll merge this PR in a week. Thanks.
Member
Author
Applied as 08073b0. Thanks.