| From: | Brian Sutherland <brian(at)vanguardistas(dot)net> |
|---|---|
| To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
| Cc: | Psycopg List <psycopg(at)postgresql(dot)org> |
| Subject: | Re: NULL dereference when memory is tight |
| Date: | 2011-02-24 09:39:20 |
| Message-ID: | 20110224093920.GD15185@Boo.local |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On Sun, Feb 20, 2011 at 06:06:30PM +0000, Daniele Varrazzo wrote:
> On Sun, Feb 20, 2011 at 4:47 PM, Brian Sutherland
> <brian(at)vanguardistas(dot)net> wrote:
> > Hi,
> >
> > I recently found a few places in the latest beta release where a NULL
> > dereference could occur when insufficient memory is available.
> >
> > For example in connection_type.c:
> >
> > 830 self->dsn = strdup(dsn);
> > ...
> > 855 pos = strstr(self->dsn, "password");
> >
> > strdup could return a NULL.
> >
> > Admittedly this is probably a minor bug, but would it interest anyone if
> > I report these somewhere?
>
> Thank you for the review.
Actually, thanks to monoidics for letting me try out their INFER static
code checker.
> Having patches would be even better, but I
> will take care of this one.
Great!
Attached is a patch for another issue, though I'm not sure if calling
PyErr_NoMemory within libpq is sane.
To tell if the other issues INFER raises are bugs would require a much
deeper insight into the psycopg2 code than I have.
--
Brian Sutherland
| Attachment | Content-Type | Size |
|---|---|---|
| notice_malloc.patch | text/plain | 925 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Federico Di Gregorio | 2011-02-24 09:52:52 | Re: NULL dereference when memory is tight |
| Previous Message | Danny Milosavljevic | 2011-02-22 20:53:41 | Re: psycopg2 (async) socket timeout |