fix Pdo\Pgsql running_stmt not being cleared

outtersg · outtersg · commit 75fd500faf3e · 2024-10-23T23:50:08.000+02:00
we unconditionally set it, but conditionally unset it, letting a dangling pointer that was tentatively freed a second time
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
@@ -113,9 +113,10 @@ void pgsql_stmt_finish(pdo_pgsql_stmt *S, int fin_mode)
 		}
 
 		S->is_prepared = false;
-		if (H->running_stmt == S) {
-			H->running_stmt = NULL;
-		}
+	}
+
+	if (H->running_stmt == S && (fin_mode & (FIN_CLOSE|FIN_ABORT))) {
+		H->running_stmt = NULL;
 	}
 }
 
@@ -192,7 +193,6 @@ static int pgsql_stmt_execute(pdo_stmt_t *stmt)
 	 * (maybe it will change with pipeline mode in libpq 14?) */
 	if (H->running_stmt && H->running_stmt->is_unbuffered) {
 		pgsql_stmt_finish(H->running_stmt, FIN_CLOSE);
-		H->running_stmt = NULL;
 	}
 	/* ensure that we free any previous unfetched results */
 	pgsql_stmt_finish(S, 0);

Original file line number	Diff line number	Diff line change
`@@ -113,9 +113,10 @@ void pgsql_stmt_finish(pdo_pgsql_stmt *S, int fin_mode)`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`S->is_prepared = false;`
`116`		`- if (H->running_stmt == S) {`
`117`		`- H->running_stmt = NULL;`
`118`		`- }`
	`116`	`+ }`
	`117`	`+`
	`118`	`+ if (H->running_stmt == S && (fin_mode & (FIN_CLOSE\|FIN_ABORT))) {`
	`119`	`+ H->running_stmt = NULL;`
`119`	`120`	`}`
`120`	`121`	`}`
`121`	`122`
`@@ -192,7 +193,6 @@ static int pgsql_stmt_execute(pdo_stmt_t *stmt)`
`192`	`193`	`* (maybe it will change with pipeline mode in libpq 14?) */`
`193`	`194`	`if (H->running_stmt && H->running_stmt->is_unbuffered) {`
`194`	`195`	`pgsql_stmt_finish(H->running_stmt, FIN_CLOSE);`
`195`		`- H->running_stmt = NULL;`
`196`	`196`	`}`
`197`	`197`	`/* ensure that we free any previous unfetched results */`
`198`	`198`	`pgsql_stmt_finish(S, 0);`