Обсуждение: MM Bug in libecpg

Hi,

I'd like to report a bug in the memory management of libecpg
(PostgreSQL version 7.1.3).

The ECPGLog() call in ./src/interfaces/ecpg/lib/connect.c line 428
uses variables pointing to free()'ed storage (`realname', `host',
`port', and `options', see patch below).

regards,
    Sascha Demetrio

diff -u connect.c.old connect.c
--- connect.c.old    Sat Sep 29 16:51:41 2001
+++ connect.c    Sat Sep 29 16:53:03 2001
@@ -411,17 +411,6 @@

     this->connection = PQsetdbLogin(host, port, options, NULL, realname, user, passwd);

-    if (host)
-        free(host);
-    if (port)
-        free(port);
-    if (options)
-        free(options);
-    if (realname)
-        free(realname);
-    if (dbname)
-        free(dbname);
-
     if (PQstatus(this->connection) == CONNECTION_BAD)
     {
         ecpg_finish(this);
@@ -433,8 +422,31 @@
                 user ? "for user " : "", user ? user : "",
                 lineno);
         ECPGraise(lineno, ECPG_CONNECT, realname ? realname : "<DEFAULT>");
+
+        if (host)
+            free(host);
+        if (port)
+            free(port);
+        if (options)
+            free(options);
+        if (realname)
+            free(realname);
+        if (dbname)
+            free(dbname);
+
         return false;
     }
+
+    if (host)
+        free(host);
+    if (port)
+        free(port);
+    if (options)
+        free(options);
+    if (realname)
+        free(realname);
+    if (dbname)
+        free(dbname);

     this->committed = true;
     this->autocommit = autocommit;

Patch applied.  Thanks.

> Hi,
>
> I'd like to report a bug in the memory management of libecpg
> (PostgreSQL version 7.1.3).
>
> The ECPGLog() call in ./src/interfaces/ecpg/lib/connect.c line 428
> uses variables pointing to free()'ed storage (`realname', `host',
> `port', and `options', see patch below).
>
> regards,
>     Sascha Demetrio
>
> diff -u connect.c.old connect.c
> --- connect.c.old    Sat Sep 29 16:51:41 2001
> +++ connect.c    Sat Sep 29 16:53:03 2001
> @@ -411,17 +411,6 @@
>
>      this->connection = PQsetdbLogin(host, port, options, NULL, realname, user, passwd);
>
> -    if (host)
> -        free(host);
> -    if (port)
> -        free(port);
> -    if (options)
> -        free(options);
> -    if (realname)
> -        free(realname);
> -    if (dbname)
> -        free(dbname);
> -
>      if (PQstatus(this->connection) == CONNECTION_BAD)
>      {
>          ecpg_finish(this);
> @@ -433,8 +422,31 @@
>                  user ? "for user " : "", user ? user : "",
>                  lineno);
>          ECPGraise(lineno, ECPG_CONNECT, realname ? realname : "<DEFAULT>");
> +
> +        if (host)
> +            free(host);
> +        if (port)
> +            free(port);
> +        if (options)
> +            free(options);
> +        if (realname)
> +            free(realname);
> +        if (dbname)
> +            free(dbname);
> +
>          return false;
>      }
> +
> +    if (host)
> +        free(host);
> +    if (port)
> +        free(port);
> +    if (options)
> +        free(options);
> +    if (realname)
> +        free(realname);
> +    if (dbname)
> +        free(dbname);
>
>      this->committed = true;
>      this->autocommit = autocommit;
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026