MM Bug in libecpg

From: Sascha Demetrio <sd(at)b-comp(dot)de>
To: pgsql-bugs(at)postgresql(dot)org
Subject: MM Bug in libecpg
Date: 2001-09-29 15:00:34
Message-ID: 20010929170034.A7391@gargamel.b-comp.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Hi,

I'd like to report a bug in the memory management of libecpg
(PostgreSQL version 7.1.3).

The ECPGLog() call in ./src/interfaces/ecpg/lib/connect.c line 428
uses variables pointing to free()'ed storage (`realname', `host',
`port', and `options', see patch below).

regards,
Sascha Demetrio

diff -u connect.c.old connect.c
--- connect.c.old Sat Sep 29 16:51:41 2001
+++ connect.c Sat Sep 29 16:53:03 2001
@@ -411,17 +411,6 @@

this->connection = PQsetdbLogin(host, port, options, NULL, realname, user, passwd);

- if (host)
- free(host);
- if (port)
- free(port);
- if (options)
- free(options);
- if (realname)
- free(realname);
- if (dbname)
- free(dbname);
-
if (PQstatus(this->connection) == CONNECTION_BAD)
{
ecpg_finish(this);
@@ -433,8 +422,31 @@
user ? "for user " : "", user ? user : "",
lineno);
ECPGraise(lineno, ECPG_CONNECT, realname ? realname : "<DEFAULT>");
+
+ if (host)
+ free(host);
+ if (port)
+ free(port);
+ if (options)
+ free(options);
+ if (realname)
+ free(realname);
+ if (dbname)
+ free(dbname);
+
return false;
}
+
+ if (host)
+ free(host);
+ if (port)
+ free(port);
+ if (options)
+ free(options);
+ if (realname)
+ free(realname);
+ if (dbname)
+ free(dbname);

this->committed = true;
this->autocommit = autocommit;

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Lee Kindness 2001-10-01 10:27:47 ESQL/C TRUNCATE TABLE results in DROP TABLE
Previous Message Bruce Momjian 2001-09-28 19:50:12 Re: [PHP] [BUGS] PostgreSQL / PHP Overrun Error