Fix GH-15432: Heap corruption when querying a vector

Since the mysqlnd result set is arena allocated, we must not simply
free it, but rather call the appropriate `free_result` method.

Co-authored-by: Kamil Tekiela <[email protected]>

Author: cmb69

NEWS

@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.24
 
+- MySQLnd:
+  . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
+    Kamil Tekiela)
+
 29 Aug 2024, PHP 8.2.23
 
 - Core:

ext/mysqli/tests/gh15432.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Bug GH-15432 (Heap corruption when querying a vector)
+--EXTENSIONS--
+mysqli
+--SKIPIF--
+<?php
+require 'connect.inc';
+$link = @my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
+if ($link === false) {
+    die(sprintf("skip Can't connect to MySQL Server - [%d] %s", mysqli_connect_errno(), mysqli_connect_error()));
+}
+if ($link->server_version < 90000 || $link->server_version >= 10_00_00) {
+    die("skip MySQL 9.0.0+ needed");
+}
+?>
+--FILE--
+<?php
+require 'connect.inc';
+$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
+var_dump($link->query('SELECT STRING_TO_VECTOR("[1.05, -17.8, 32]")'));
+?>
+--EXPECTF--
+Warning: mysqli::query(): Unknown type 242 sent by the server. Please send a report to the developers in %s on line %d
+bool(false)

ext/mysqlnd/mysqlnd_result.c

@@ -302,7 +302,7 @@ mysqlnd_query_read_result_set_header(MYSQLND_CONN_DATA * conn, MYSQLND_STMT * s)
 				if (FAIL == (ret = result->m.read_result_metadata(result, conn))) {
 					/* For PS, we leave them in Prepared state */
 					if (!stmt && conn->current_result) {
-						mnd_efree(conn->current_result);
+						conn->current_result->m.free_result(conn->current_result, TRUE);
 						conn->current_result = NULL;
 					}
 					DBG_ERR("Error occurred while reading metadata");