Fix potential heap corruption due to alignment mismatch

The fix for bug 63327[1] changed the extra size of mysqlnd allocations from `sizeof(size_t)` to the properly aligned values; however, the allocation in `_mysqlnd_pestrdup()` has apparently been overlooked, which (currently) causes detectable heap corruption when running mysqli_get_client_stats.phpt on 32bit Windows versions. [1] <338a47b> Closes GH-9724.
php · Oct 13, 2022 · 7e14d24 · 7e14d24
1 parent 577b904
commit 7e14d24
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.1.13
 
-
+- MySQLnd:
+  . Fixed potential heap corruption due to alignment mismatch. (cmb)
 
 27 Oct 2022, PHP 8.1.12
 

diff --git a/ext/mysqlnd/mysqlnd_alloc.c b/ext/mysqlnd/mysqlnd_alloc.c
@@ -346,7 +346,7 @@ static char * _mysqlnd_pestrdup(const char * const ptr, bool persistent MYSQLND_
 		smart_str_appendc(&tmp_str, *p);
 	} while (*p++);
 
-	ret = pemalloc_rel(ZSTR_LEN(tmp_str.s) + sizeof(size_t), persistent);
+	ret = pemalloc_rel(REAL_SIZE(ZSTR_LEN(tmp_str.s)), persistent);
 	memcpy(FAKE_PTR(ret), ZSTR_VAL(tmp_str.s), ZSTR_LEN(tmp_str.s));
 
 	if (ret && collect_memory_statistics) {