mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Merge branch 'PHP-7.3' into PHP-7.4
* PHP-7.3: Fix #79084: mysqlnd may fetch wrong column indexes with MYSQLI_BOTH
This commit is contained in:
commit
b0cdd8cc53
4
NEWS
4
NEWS
@ -6,6 +6,10 @@ PHP NEWS
|
||||
. Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
|
||||
(cmb)
|
||||
|
||||
- MySQLnd:
|
||||
. Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
|
||||
(cmb)
|
||||
|
||||
23 Jan 2020, PHP 7.4.2
|
||||
|
||||
- Core:
|
||||
|
79
ext/mysqli/tests/bug79084.phpt
Normal file
79
ext/mysqli/tests/bug79084.phpt
Normal file
@ -0,0 +1,79 @@
|
||||
--TEST--
|
||||
Bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH)
|
||||
--SKIPIF--
|
||||
<?php
|
||||
require_once('skipif.inc');
|
||||
require_once('skipifconnectfailure.inc');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('connect.inc');
|
||||
$sql = "SELECT 0 as `2007`, 0 as `2008`, 0 as `2020`";
|
||||
|
||||
// unbuffered
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$link->real_query($sql);
|
||||
$res = $link->use_result();
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
|
||||
// buffered
|
||||
ini_set('mysqlnd.fetch_data_copy', false);
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$res = $link->query($sql);
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
|
||||
// buffered copies
|
||||
ini_set('mysqlnd.fetch_data_copy', true);
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$res = $link->query($sql);
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
?>
|
||||
--EXPECT--
|
||||
array(6) {
|
||||
[0]=>
|
||||
string(1) "0"
|
||||
[2007]=>
|
||||
string(1) "0"
|
||||
[1]=>
|
||||
string(1) "0"
|
||||
[2008]=>
|
||||
string(1) "0"
|
||||
[2]=>
|
||||
string(1) "0"
|
||||
[2020]=>
|
||||
string(1) "0"
|
||||
}
|
||||
array(6) {
|
||||
[0]=>
|
||||
string(1) "0"
|
||||
[2007]=>
|
||||
string(1) "0"
|
||||
[1]=>
|
||||
string(1) "0"
|
||||
[2008]=>
|
||||
string(1) "0"
|
||||
[2]=>
|
||||
string(1) "0"
|
||||
[2020]=>
|
||||
string(1) "0"
|
||||
}
|
||||
array(6) {
|
||||
[0]=>
|
||||
string(1) "0"
|
||||
[2007]=>
|
||||
string(1) "0"
|
||||
[1]=>
|
||||
string(1) "0"
|
||||
[2008]=>
|
||||
string(1) "0"
|
||||
[2]=>
|
||||
string(1) "0"
|
||||
[2020]=>
|
||||
string(1) "0"
|
||||
}
|
61
ext/mysqli/tests/bug79084_collision.phpt
Normal file
61
ext/mysqli/tests/bug79084_collision.phpt
Normal file
@ -0,0 +1,61 @@
|
||||
--TEST--
|
||||
Bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH) - collision
|
||||
--SKIPIF--
|
||||
<?php
|
||||
require_once('skipif.inc');
|
||||
require_once('skipifconnectfailure.inc');
|
||||
?>
|
||||
--FILE--
|
||||
<?php
|
||||
require_once('connect.inc');
|
||||
$sql = "SELECT 11111 as `1`, 22222 as `2`";
|
||||
|
||||
// unbuffered
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$link->real_query($sql);
|
||||
$res = $link->use_result();
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
|
||||
// buffered
|
||||
ini_set('mysqlnd.fetch_data_copy', false);
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$res = $link->query($sql);
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
|
||||
// buffered copies
|
||||
ini_set('mysqlnd.fetch_data_copy', true);
|
||||
$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
|
||||
$res = $link->query($sql);
|
||||
$row = $res->fetch_array();
|
||||
var_dump($row);
|
||||
$link->close();
|
||||
?>
|
||||
--EXPECT--
|
||||
array(3) {
|
||||
[0]=>
|
||||
string(5) "11111"
|
||||
[1]=>
|
||||
string(5) "11111"
|
||||
[2]=>
|
||||
string(5) "22222"
|
||||
}
|
||||
array(3) {
|
||||
[0]=>
|
||||
string(5) "11111"
|
||||
[1]=>
|
||||
string(5) "11111"
|
||||
[2]=>
|
||||
string(5) "22222"
|
||||
}
|
||||
array(3) {
|
||||
[0]=>
|
||||
string(5) "11111"
|
||||
[1]=>
|
||||
string(5) "11111"
|
||||
[2]=>
|
||||
string(5) "22222"
|
||||
}
|
@ -844,8 +844,9 @@ MYSQLND_METHOD(mysqlnd_result_unbuffered, fetch_row)(MYSQLND_RES * result, void
|
||||
const size_t len = (Z_TYPE_P(data) == IS_STRING)? Z_STRLEN_P(data) : 0;
|
||||
|
||||
if (flags & MYSQLND_FETCH_NUM) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
zend_hash_next_index_insert(row_ht, data);
|
||||
if (zend_hash_index_add(row_ht, i, data) != NULL) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
}
|
||||
}
|
||||
if (flags & MYSQLND_FETCH_ASSOC) {
|
||||
/* zend_hash_quick_update needs length + trailing zero */
|
||||
@ -1101,8 +1102,9 @@ MYSQLND_METHOD(mysqlnd_result_buffered_zval, fetch_row)(MYSQLND_RES * result, vo
|
||||
set->lengths[i] = (Z_TYPE_P(data) == IS_STRING)? Z_STRLEN_P(data) : 0;
|
||||
|
||||
if (flags & MYSQLND_FETCH_NUM) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
zend_hash_next_index_insert(Z_ARRVAL_P(row), data);
|
||||
if (zend_hash_index_add(Z_ARRVAL_P(row), i, data) != NULL) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
}
|
||||
}
|
||||
if (flags & MYSQLND_FETCH_ASSOC) {
|
||||
/* zend_hash_quick_update needs length + trailing zero */
|
||||
@ -1197,8 +1199,9 @@ MYSQLND_METHOD(mysqlnd_result_buffered_c, fetch_row)(MYSQLND_RES * result, void
|
||||
set->lengths[i] = (Z_TYPE_P(data) == IS_STRING)? Z_STRLEN_P(data) : 0;
|
||||
|
||||
if (flags & MYSQLND_FETCH_NUM) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
zend_hash_next_index_insert(Z_ARRVAL_P(row), data);
|
||||
if (zend_hash_index_add(Z_ARRVAL_P(row), i, data)) {
|
||||
Z_TRY_ADDREF_P(data);
|
||||
}
|
||||
}
|
||||
if (flags & MYSQLND_FETCH_ASSOC) {
|
||||
/* zend_hash_quick_update needs length + trailing zero */
|
||||
|
Loading…
Reference in New Issue
Block a user