Fix memory leak when destroying PDORow

This should call zend_object_std_dtor() to clean the property table etc. This also has a semantic influence because previously weak refs were not notified for example. This fixes the final issue in GH-18114 (the crash was master-only and fixed already). Closes GH-18114. Closes GH-18123.
2025-03-20 19:21:27 +01:00
parent 6af240d8da
commit 2dde07af55
3 changed files with 23 additions and 0 deletions
--- a/3
+++ b/3
@ -37,6 +37,9 @@ PHP                                                                        NEWS
 - Opcache:
  . Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos)

+- PDO:
+  . Fix memory leak when destroying PDORow. (nielsdos)
+
 - SPL:
  . Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in
    ArrayObject). (nielsdos)
--- a/ext/pdo/pdo_stmt.c
+++ b/ext/pdo/pdo_stmt.c
@ -2506,6 +2506,7 @@ void pdo_row_free_storage(zend_object *std)
 		ZVAL_UNDEF(&row->stmt->lazy_object_ref);
 		OBJ_RELEASE(&row->stmt->std);
 	}
+	zend_object_std_dtor(std);
 }

 zend_object *pdo_row_new(zend_class_entry *ce)
--- a/ext/pdo_sqlite/tests/gh18114.phpt
+++ b/ext/pdo_sqlite/tests/gh18114.phpt
@ -0,0 +1,19 @@
+--TEST--
+GH-18114 (pdo lazy object crash)
+--EXTENSIONS--
+pdo_sqlite
+--FILE--
+<?php
+$db = new PDO('sqlite::memory:');
+$x = $db->query('select 1 as queryString');
+$data = $x->fetch(PDO::FETCH_LAZY);
+foreach ($data as $entry) {
+    var_dump($entry);
+}
+var_dump((array) $data);
+echo "Done\n";
+?>
+--EXPECT--
+array(0) {
+}
+Done