php · SakiTakamachi · Apr 8, 2025 · Apr 8, 2025 · Apr 9, 2025 · Apr 10, 2025
@@ -492,13 +492,16 @@ static void firebird_handle_closer(pdo_dbh_t *dbh) /* {{{ */
 	}
 
 	if (H->date_format) {
-		efree(H->date_format);
+		pefree(H->date_format, dbh->is_persistent);
+		H->date_format = NULL;
 	}
 	if (H->time_format) {
-		efree(H->time_format);
+		pefree(H->time_format, dbh->is_persistent);
+		H->time_format = NULL;
 	}
 	if (H->timestamp_format) {
-		efree(H->timestamp_format);
+		pefree(H->timestamp_format, dbh->is_persistent);
+		H->timestamp_format = NULL;
 	}
 
 	pefree(H, dbh->is_persistent);
@@ -881,9 +884,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
 					return false;
 				}
 				if (H->date_format) {
-					efree(H->date_format);
+					pefree(H->date_format, dbh->is_persistent);
+					H->date_format = NULL;
 				}
-				spprintf(&H->date_format, 0, "%s", ZSTR_VAL(str));
+				H->date_format = pestrdup(ZSTR_VAL(str), dbh->is_persistent);
 				zend_string_release_ex(str, 0);
 			}
 			return true;
@@ -895,9 +899,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
 					return false;
 				}
 				if (H->time_format) {
-					efree(H->time_format);
+					pefree(H->time_format, dbh->is_persistent);
+					H->time_format = NULL;
 				}
-				spprintf(&H->time_format, 0, "%s", ZSTR_VAL(str));
+				H->time_format = pestrdup(ZSTR_VAL(str), dbh->is_persistent);
 				zend_string_release_ex(str, 0);
 			}
 			return true;
@@ -909,9 +914,10 @@ static bool firebird_handle_set_attribute(pdo_dbh_t *dbh, zend_long attr, zval *
 					return false;
 				}
 				if (H->timestamp_format) {
-					efree(H->timestamp_format);
+					pefree(H->timestamp_format, dbh->is_persistent);
+					H->timestamp_format = NULL;
 				}
-				spprintf(&H->timestamp_format, 0, "%s", ZSTR_VAL(str));
+				H->timestamp_format = pestrdup(ZSTR_VAL(str), dbh->is_persistent);
 				zend_string_release_ex(str, 0);
 			}
 			return true;

@@ -0,0 +1,35 @@
+--TEST--
+GH-18276 (persistent connection - setAttribute(Pdo\Firebird::ATTR_DATE_FORMAT, ..) results in "zend_mm_heap corrupted")
+--EXTENSIONS--
+pdo_firebird
+--SKIPIF--
+<?php require('skipif.inc'); ?>
+--XLEAK--
+A bug in firebird causes a memory leak when calling `isc_attach_database()`.
+See https://github.com/FirebirdSQL/firebird/issues/7849
+--FILE--
+<?php
+
+require("testdb.inc");
+unset($dbh);
+
+for ($i = 0; $i < 2; $i++) {
+    $dbh = new PDO(
+        PDO_FIREBIRD_TEST_DSN,
+        PDO_FIREBIRD_TEST_USER,
+        PDO_FIREBIRD_TEST_PASS,
+        [
+            PDO::ATTR_PERSISTENT => true,
+        ],
+    );
+    // Avoid interned
+    $dbh->setAttribute(PDO::FB_ATTR_DATE_FORMAT, str_repeat('Y----m----d', 1));
+    $dbh->setAttribute(PDO::FB_ATTR_TIME_FORMAT, str_repeat('H::::i::::s', 1));
+    $dbh->setAttribute(PDO::FB_ATTR_TIMESTAMP_FORMAT, str_repeat('Y----m----d....H::::i::::s', 1));
+    unset($dbh);
+}
+
+echo 'done!';
+?>
+--EXPECT--
+done!