Fix GH-17900 and GH-8084

nielsdos · nielsdos · commit 94520fa68280 · 2025-02-23T17:42:04.000+01:00
Calling the constructor twice has no real world benefit. Block it to fix these two issues. We also clean up the constructor code a bit: 1) `in_ctor` implies `object` exists 2) We no longer need to deal with reusing internal data. Closes GH-17900. Closes GH-8084.
diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
@@ -72,7 +72,12 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, bool is_real_connect, b
 	}
 #endif
 
-	if (getThis() && !ZEND_NUM_ARGS() && in_ctor) {
+	if (UNEXPECTED(in_ctor && (Z_MYSQLI_P(object))->ptr)) {
+		zend_throw_error(NULL, "Cannot call constructor twice");
+		return;
+	}
+
+	if (in_ctor && !ZEND_NUM_ARGS()) {
 		php_mysqli_init(INTERNAL_FUNCTION_PARAM_PASSTHRU, in_ctor);
 		return;
 	}
@@ -85,16 +90,13 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, bool is_real_connect, b
 		}
 
 		if (object) {
+#if ZEND_DEBUG
 			ZEND_ASSERT(instanceof_function(Z_OBJCE_P(object), mysqli_link_class_entry));
-			mysqli_resource = (Z_MYSQLI_P(object))->ptr;
-			if (mysqli_resource && mysqli_resource->ptr) {
-				mysql = (MY_MYSQL*) mysqli_resource->ptr;
-			}
-		}
-		if (!mysql) {
-			mysql = (MY_MYSQL *) ecalloc(1, sizeof(MY_MYSQL));
-			self_alloced = 1;
+#endif
+			ZEND_ASSERT(!Z_MYSQLI_P(object)->ptr);
 		}
+		mysql = (MY_MYSQL *) ecalloc(1, sizeof(MY_MYSQL));
+		self_alloced = 1;
 		flags |= CLIENT_MULTI_RESULTS; /* needed for mysql_multi_query() */
 	} else {
 		/* We have flags too */
diff --git a/ext/mysqli/tests/gh17900.phpt b/ext/mysqli/tests/gh17900.phpt
@@ -0,0 +1,16 @@
+--TEST--
+GH-17900 (Assertion failure ext/mysqli/mysqli_prop.c)
+--EXTENSIONS--
+mysqli
+--FILE--
+<?php
+mysqli_report(MYSQLI_REPORT_OFF);
+$mysqli = new mysqli();
+try {
+    $mysqli->__construct('doesnotexist');
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+?>
+--EXPECT--
+Cannot call constructor twice
diff --git a/ext/mysqli/tests/mysqli_incomplete_initialization.phpt b/ext/mysqli/tests/mysqli_incomplete_initialization.phpt
@@ -12,8 +12,8 @@ $mysqli->close();
 
 ?>
 --EXPECTF--
-Fatal error: Uncaught Error: mysqli object is not fully initialized in %s:%d
+Fatal error: Uncaught Error: Cannot call constructor twice in %s:%d
 Stack trace:
-#0 %s(%d): mysqli->close()
+#0 %s(%d): mysqli->__construct('doesnotexist')
 #1 {main}
   thrown in %s on line %d
