ext/pdo: Prevent statement modification during fetching

Author: Girgias

ext/pdo/pdo_stmt.c

@@ -730,6 +730,7 @@ static bool do_fetch(pdo_stmt_t *stmt, zval *return_value, enum pdo_fetch_type h
 		return true;
 	}
 
+	stmt->in_fetch = true;
 	switch (how) {
 		case PDO_FETCH_USE_DEFAULT:
 		case PDO_FETCH_ASSOC:
@@ -938,6 +939,7 @@ static bool do_fetch(pdo_stmt_t *stmt, zval *return_value, enum pdo_fetch_type h
 		}
 		efree(fetch_function_params);
 	}
+	stmt->in_fetch = false;
 
 	return true;
 }
@@ -1742,6 +1744,10 @@ PHP_METHOD(PDOStatement, setFetchMode)
 
 	PHP_STMT_GET_OBJ;
 
+	if (stmt->in_fetch) {
+		zend_throw_error(NULL, "Cannot change default fetch mode while fetching");
+		RETURN_THROWS();
+	}
 	if (!pdo_stmt_setup_fetch_mode(stmt, fetch_mode, 1, args, num_args)) {
 		RETURN_THROWS();
 	}

ext/pdo/php_pdo_driver.h

@@ -568,7 +568,9 @@ struct _pdo_stmt_t {
 	 * emulate prepare and bind on its behalf */
 	unsigned supports_placeholders:2;
 
-	unsigned _reserved:29;
+	/* If true we are in a do_fetch() call, and modification to the statement must be prevented */
+	unsigned in_fetch:1;
+	unsigned _reserved:28;
 
 	/* the number of columns in the result set; not valid until after
 	 * the statement has been executed at least once.  In some cases, might

ext/pdo/tests/pdo_fetch_class_change_ctor_args_during_fetch1.phpt

@@ -37,7 +37,12 @@ $stmt = $db->prepare('SELECT val1, val2 FROM pdo_fetch_class_change_ctor_one');
 $stmt->setFetchMode(PDO::FETCH_CLASS, 'Test', [$stmt]);
 
 $stmt->execute();
-var_dump($stmt->fetch());
+
+try {
+    var_dump($stmt->fetch());
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -51,9 +56,4 @@ object(PDOStatement)#%d (1) {
   ["queryString"]=>
   string(54) "SELECT val1, val2 FROM pdo_fetch_class_change_ctor_one"
 }
-object(Test)#%d (2) {
-  ["val1"]=>
-  string(1) "A"
-  ["val2"]=>
-  string(5) "alpha"
-}
+Error: Cannot change default fetch mode while fetching

ext/pdo/tests/pdo_fetch_class_change_ctor_args_during_fetch2.phpt

@@ -37,7 +37,12 @@ $db->exec("INSERT INTO pdo_fetch_class_change_ctor_two VALUES(4, 'D', 'delta')")
 $stmt = $db->prepare('SELECT val1, val2 FROM pdo_fetch_class_change_ctor_two');
 
 $stmt->execute();
-var_dump($stmt->fetchObject('Test', [$stmt]));
+
+try {
+    var_dump($stmt->fetchObject('Test', [$stmt]));
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -51,9 +56,4 @@ object(PDOStatement)#%s (1) {
   ["queryString"]=>
   string(54) "SELECT val1, val2 FROM pdo_fetch_class_change_ctor_two"
 }
-object(Test)#%s (2) {
-  ["val1"]=>
-  string(1) "A"
-  ["val2"]=>
-  string(5) "alpha"
-}
+Error: Cannot change default fetch mode while fetching

ext/pdo/tests/pdo_fetch_class_change_ctor_args_during_fetch3.phpt

@@ -37,7 +37,12 @@ $stmt = $db->prepare('SELECT val1, val2 FROM pdo_fetch_class_change_ctor_three')
 $stmt->setFetchMode(PDO::FETCH_CLASS, 'Test', [$stmt]);
 
 $stmt->execute();
-var_dump($stmt->fetchAll());
+
+try {
+    var_dump($stmt->fetchAll());
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -51,36 +56,4 @@ object(PDOStatement)#%d (1) {
   ["queryString"]=>
   string(56) "SELECT val1, val2 FROM pdo_fetch_class_change_ctor_three"
 }
-string(5) "alpha"
-string(5) "alpha"
-string(5) "alpha"
-array(4) {
-  [0]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "A"
-    ["val2"]=>
-    string(5) "alpha"
-  }
-  [1]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "B"
-    ["val2"]=>
-    string(4) "beta"
-  }
-  [2]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "C"
-    ["val2"]=>
-    string(5) "gamma"
-  }
-  [3]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "D"
-    ["val2"]=>
-    string(5) "delta"
-  }
-}
+Error: Cannot change default fetch mode while fetching

ext/pdo/tests/pdo_fetch_class_change_ctor_args_during_fetch4.phpt

@@ -36,7 +36,12 @@ $db->exec("INSERT INTO pdo_fetch_class_change_ctor_four VALUES(4, 'D', 'delta')"
 $stmt = $db->prepare('SELECT val1, val2 FROM pdo_fetch_class_change_ctor_four');
 
 $stmt->execute();
-var_dump($stmt->fetchAll(PDO::FETCH_CLASS, 'Test', [$stmt]));
+
+try {
+    var_dump($stmt->fetchAll(PDO::FETCH_CLASS, 'Test', [$stmt]));
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -50,36 +55,4 @@ object(PDOStatement)#%d (1) {
   ["queryString"]=>
   string(55) "SELECT val1, val2 FROM pdo_fetch_class_change_ctor_four"
 }
-string(5) "alpha"
-string(5) "alpha"
-string(5) "alpha"
-array(4) {
-  [0]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "A"
-    ["val2"]=>
-    string(5) "alpha"
-  }
-  [1]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "B"
-    ["val2"]=>
-    string(4) "beta"
-  }
-  [2]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "C"
-    ["val2"]=>
-    string(5) "gamma"
-  }
-  [3]=>
-  object(Test)#%d (2) {
-    ["val1"]=>
-    string(1) "D"
-    ["val2"]=>
-    string(5) "delta"
-  }
-}
+Error: Cannot change default fetch mode while fetching

ext/pdo/tests/pdo_fetch_class_change_ctor_args_during_fetch5.phpt

@@ -38,7 +38,11 @@ function stuffingErrorHandler(int $errno, string $errstr, string $errfile, int $
 }
 set_error_handler(stuffingErrorHandler(...));
 
-var_dump($stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, 'B', [$stmt]));
+try {
+    var_dump($stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, 'B', [$stmt]));
+} catch (\Throwable $e) {
+    echo $e::class, ': ', $e->getMessage(), \PHP_EOL;
+}
 
 ?>
 --CLEAN--
@@ -47,9 +51,6 @@ require_once getenv('REDIR_TEST_DIR') . 'pdo_test.inc';
 $db = PDOTest::factory();
 PDOTest::dropTableIfExists($db, "pdo_fetch_class_change_ctor_five");
 ?>
---EXPECTF--
+--EXPECT--
 PDOStatement::fetchAll(): The PDO::FETCH_SERIALIZE mode is deprecated
-PDOStatement::fetchAll(): SQLSTATE[HY000]: General error: cannot unserialize class
-PDOStatement::fetchAll(): SQLSTATE[HY000]: General error%S
-array(0) {
-}
+Error: Cannot change default fetch mode while fetching