Fix potential heap corruption due to alignment mismatch

cmb69 · cmb69 · commit 7e14d2466aca · 2022-10-13T11:47:24.000+02:00
The fix for bug 63327[1] changed the extra size of mysqlnd allocations from `sizeof(size_t)` to the properly aligned values; however, the allocation in `_mysqlnd_pestrdup()` has apparently been overlooked, which (currently) causes detectable heap corruption when running mysqli_get_client_stats.phpt on 32bit Windows versions. [1] <338a47b> Closes GH-9724.
diff --git a/NEWS b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.1.13
 
-
+- MySQLnd:
+  . Fixed potential heap corruption due to alignment mismatch. (cmb)
 
 27 Oct 2022, PHP 8.1.12
 
diff --git a/ext/mysqlnd/mysqlnd_alloc.c b/ext/mysqlnd/mysqlnd_alloc.c
@@ -346,7 +346,7 @@ static char * _mysqlnd_pestrdup(const char * const ptr, bool persistent MYSQLND_
 		smart_str_appendc(&tmp_str, *p);
 	} while (*p++);
 
-	ret = pemalloc_rel(ZSTR_LEN(tmp_str.s) + sizeof(size_t), persistent);
+	ret = pemalloc_rel(REAL_SIZE(ZSTR_LEN(tmp_str.s)), persistent);
 	memcpy(FAKE_PTR(ret), ZSTR_VAL(tmp_str.s), ZSTR_LEN(tmp_str.s));
 
 	if (ret && collect_memory_statistics) {
