Skip to content

Fix #79038: PDOStatement::nextRowset() leaks column values #5033

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cmb69 wants to merge 1 commit into from
Closed

Fix #79038: PDOStatement::nextRowset() leaks column values #5033

cmb69 wants to merge 1 commit into from

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Dec 27, 2019

Firstly, we must not rely on stmt->column_count when freeing the
driver specific column values, but rather store the column count in
the driver data. Since the column count is a short, 16 bit are
sufficient, so we can store it in reserved bits of pdo_odbc_stmt.

Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.

Finally, we have to introduce a driver specific cursor_closer to
avoid that ::closeCursor() calls odbc_stmt_next_rowset() which then
frees the column value storage, because it may be still needed for
bound columns.

@cmb69
Fix #79038: PDOStatement::nextRowset() leaks column values
9374acd 
Firstly, we must not rely on `stmt->column_count` when freeing the
driver specific column values, but rather store the column count in
the driver data.  Since the column count is a `short`, 16 bit are
sufficient, so we can store it in reserved bits of `pdo_odbc_stmt`.

Furthermore, we must not allocate new column value storage when the
statement is not executed, but rather when the column value storage has
not been allocated.

Finally, we have to introduce a driver specific `cursor_closer` to
avoid that `::closeCursor()` calls `odbc_stmt_next_rowset()` which then
frees the column value storage, because it may be still needed for
bound columns.
@cmb69 cmb69 added the Bug label Dec 27, 2019
@cmb69
Copy link
Member Author

cmb69 commented Dec 27, 2019

Would be great if someone having a PDO_ODBC setup on Linux could check with valgrind. Also, testing with other backends then SQLServer would be nice.

@cmb69
Copy link
Member Author

cmb69 commented Jan 16, 2020

I've checked with ASan and MSVCRT debug builds (PHP-7.4, SQLServer), and apparently there are no memory corruption issues. Would be nice to have some additional testing for other environments/backends. Thanks!

@cmb69
Copy link
Member Author

cmb69 commented Feb 10, 2020

If there are no objections, I'll merge this PR in a week. Thanks.

@cmb69
Copy link
Member Author

cmb69 commented Feb 17, 2020

Applied as 08073b0. Thanks.

@cmb69 cmb69 closed this Feb 17, 2020
@cmb69 cmb69 deleted the cmb/fix-79038 branch February 17, 2020 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cmb69