Fix GH-21869: pdo_pgsql DEALLOCATE in destructor can poison the enclosing transaction.

devnexen · devnexen · commit 296ad2bcdd5a · 2026-04-24T23:42:41.000+01:00
On libpq &lt; 17 the raw DEALLOCATE can fail (e.g. Aurora DSQL rejects it),
which aborts the user's transaction and turns the next COMMIT into a
silent ROLLBACK. Wrap it in a SAVEPOINT so a failure is contained, and
skip it when the transaction is already aborted or the connection is gone.
diff --git a/ext/pdo_pgsql/pgsql_statement.c b/ext/pdo_pgsql/pgsql_statement.c
@@ -79,9 +79,43 @@ static int pgsql_stmt_dtor(pdo_stmt_t *stmt)
 			// TODO (??) libpq does not support close statement protocol < postgres 17
 			// check if we can circumvent this.
 			char *q = NULL;
-			spprintf(&q, 0, "DEALLOCATE %s", S->stmt_name);
-			res = PQexec(H->server, q);
-			efree(q);
+			PGTransactionStatusType tstatus = PQtransactionStatus(H->server);
+
+			switch (tstatus) {
+			case PQTRANS_ACTIVE:
+			case PQTRANS_INERROR:
+			case PQTRANS_UNKNOWN:
+				res = NULL;
+				break;
+			case PQTRANS_INTRANS:
+				spprintf(&q, 0, 
+					"SAVEPOINT pdo_pgsql_deallocate_%s;"
+					"DEALLOCATE %s;"
+					"RELEASE SAVEPOINT pdo_pgsql_deallocate_%s",
+					S->stmt_name,
+					S->stmt_name,
+					S->stmt_name);
+				res = PQexec(H->server, q);
+				efree(q);
+				if (res && PQresultStatus(res) != PGRES_COMMAND_OK) {
+					spprintf(&q, 0,
+						"ROLLBACK TO SAVEPOINT pdo_pgsql_deallocate_%s;"
+						"RELEASE SAVEPOINT pdo_pgsql_deallocate_%s",
+						S->stmt_name,
+						S->stmt_name);
+					PGresult *rollres;
+					PQclear(res);
+					rollres = PQexec(H->server, q);
+					res = rollres;
+					efree(q);
+				}
+				break;
+			default:
+				spprintf(&q, 0, "DEALLOCATE %s", S->stmt_name);
+				res = PQexec(H->server, q);
+				efree(q);
+				break;
+			}
 #else
 			res = PQclosePrepared(H->server, S->stmt_name);
 #endif
diff --git a/ext/pdo_pgsql/tests/gh21869.phpt b/ext/pdo_pgsql/tests/gh21869.phpt
@@ -0,0 +1,46 @@
+--TEST--
+GH-21869 pdo_pgsql: DEALLOCATE failure in destructor must not poison the enclosing transaction
+--EXTENSIONS--
+pdo
+pdo_pgsql
+--SKIPIF--
+<?php
+require __DIR__ . '/config.inc';
+require __DIR__ . '/../../../ext/pdo/tests/pdo_test.inc';
+PDOTest::skip();
+$pdo = PDOTest::factory();
+if (version_compare($pdo->getAttribute(PDO::ATTR_CLIENT_VERSION), '17', '>=')) {
+    die('skip libpq >= 17 uses PQclosePrepared instead of the DEALLOCATE query');
+}
+?>
+--FILE--
+<?php
+require __DIR__ . '/../../../ext/pdo/tests/pdo_test.inc';
+$pdo = PDOTest::test_factory(__DIR__ . '/common.phpt');
+$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
+
+$pdo->exec('CREATE TABLE gh21869 (a integer not null)');
+
+$pdo->beginTransaction();
+$stmt = $pdo->prepare('INSERT INTO gh21869 (a) VALUES (?)');
+$stmt->execute([1]);
+
+foreach ($pdo->query('SELECT name FROM pg_prepared_statements') as $row) {
+    $pdo->exec('DEALLOCATE ' . $row['name']);
+}
+
+unset($stmt);
+
+$pdo->commit();
+
+var_dump((int) $pdo->query('SELECT count(*) FROM gh21869')->fetchColumn());
+?>
+--CLEAN--
+<?php
+require __DIR__ . '/../../../ext/pdo/tests/pdo_test.inc';
+$pdo = PDOTest::test_factory(__DIR__ . '/common.phpt');
+$pdo->exec('DROP TABLE IF EXISTS gh21869');
+?>
+--EXPECT--
+int(1)
