From: | wliang(at)stu(dot)xidian(dot)edu(dot)cn |
---|---|
To: | pgsql-bugs <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Subject: | Report some potential memory leak bugs in pg_dump.c |
Date: | 2022-02-19 05:45:38 |
Message-ID: | 41c0d83b.acf.17f1083ab65.Coremail.wliang@stu.xidian.edu.cn |
Lists: | pgsql-bugs |
Hi all,
I find some potential memory leaks in PostgreSQL 14.1, which are in bin/pg_dump/pg_dump.c.
The first one is in the function dumpBaseType().
Specifically, at line 10545 and line 10546, function getFormattedTypeName() is called, which allocates a chunk of memory by using pg_strdup() and returns it. The returned chunk is directly passed to appendPQExpBuffer() as its 3rd parameter. However, we find that the chunk is not freed in appendPQExpBuffer(). As a result, there is a memory leak.
10544 appendPQExpBuffer(q, ",\n ELEMENT = %s",
10545 getFormattedTypeName(fout, tyinfo->typelem,
10546 zeroIsError));
17850 static const char *
17851 getFormattedTypeName(Archive *fout, Oid oid, OidOptions opts)
17852 {
…
17878 result = pg_strdup(PQgetvalue(res, 0, 0));
…
17892 return result;
17893 }
Furthermore, we also find that there are a dozen similar leaks in other functions, as follows.
1) At lines 11315 to 11317, in function format_function_signature().
11315 appendPQExpBufferStr(&fn,
11316 getFormattedTypeName(fout, finfo->argtypes[j],
11317 zeroIsError));
2) At lines 11571 to 11572, in function dumpFunc().
11571 appendPQExpBuffer(q, "FOR TYPE %s",
11572 getFormattedTypeName(fout, typeids[i], zeroAsNone));
3) At lines 11553 to 11556, in function dumpFunc().
11553 appendPQExpBuffer(q, " RETURNS %s%s",
11554 (proretset[0] == 't') ? "SETOF " : "",
11555 getFormattedTypeName(fout, finfo->prorettype,
11556 zeroIsError));
4) At lines 13125 to 13129, in function format_aggregate_signature().
13125 appendPQExpBuffer(&buf, "%s%s",
13126 (j > 0) ? ", " : "",
13127 getFormattedTypeName(fout,
13128 agginfo->aggfn.argtypes[j],
13129 zeroIsError));
5) At lines 13520 to 13521, in function dumpTSParser().
13520 appendPQExpBuffer(q, " START = %s,\n",
13521 convertTSFunction(fout, prsinfo->prsstart));
6) At lines 13522 to 13523, in function dumpTSParser().
13522 appendPQExpBuffer(q, " GETTOKEN = %s,\n",
13523 convertTSFunction(fout, prsinfo->prstoken));
7) At lines 13524 to 13525, in function dumpTSParser().
13524 appendPQExpBuffer(q, " END = %s,\n",
13525 convertTSFunction(fout, prsinfo->prsend));
8) At lines 13527 to 13528, in function dumpTSParser().
13527 appendPQExpBuffer(q, " HEADLINE = %s,\n",
13528 convertTSFunction(fout, prsinfo->prsheadline));
9) At lines 13529 to 13530, in function dumpTSParser().
13529 appendPQExpBuffer(q, " LEXTYPES = %s );\n",
13530 convertTSFunction(fout, prsinfo->prslextype));
10) At lines 13665 to 13666, in function dumpTSTemplate().
13665 appendPQExpBuffer(q, " INIT = %s,\n",
13666 convertTSFunction(fout, tmplinfo->tmplinit));
11) At lines 13667 to 13668, in function dumpTSTemplate().
13667 appendPQExpBuffer(q, " LEXIZE = %s );\n",
13668 convertTSFunction(fout, tmplinfo->tmpllexize));
12) At lines 15011 to 15013, in function dumpTableSchema().
15011 appendPQExpBuffer(q, " OF %s",
15012 getFormattedTypeName(fout, tbinfo->reloftype,
15013 zeroIsError));
We believe we can fix the problems by adding a variable to store the chunk pointer and employing pg_free() to free it after invoking appendPQExpBuffer().
I'm looking forward to your confirmation.
Best,
Wentao
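The call pattern described in the message above and the fix it proposes, as an added example that is not part of the original message and is not PostgreSQL code. It assumes, as the report does, that the callee returns memory the caller owns; `format_type_name`, `free_counted`, `Buf`, `buf_appendf` and `live_allocs` are hypothetical stand-ins, and the type names are constructed sample values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs = 0;   /* blocks handed out and not yet freed */

/* Hypothetical lookup returning caller-owned memory (the report's premise). */
static char *format_type_name(unsigned oid)
{
    const char *s = (oid == 23) ? "integer" : "text";   /* constructed values */
    char *p = malloc(strlen(s) + 1);   /* plays the role of pg_strdup() */
    if (p == NULL) abort();
    live_allocs++;
    return strcpy(p, s);
}

static void free_counted(char *p) { free(p); live_allocs--; }  /* like pg_free() */
typedef struct { char data[256]; } Buf;   /* stand-in for a PQExpBuffer */

/* printf-style append: it reads its arguments and never takes ownership. */
static void buf_appendf(Buf *b, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(b->data + strlen(b->data), sizeof b->data - strlen(b->data), fmt, ap);
    va_end(ap);
}

static int emit_leaky(Buf *b, unsigned oid)   /* pattern described in the report */
{
    int before = live_allocs;
    buf_appendf(b, ",\n ELEMENT = %s", format_type_name(oid));
    return live_allocs - before;   /* 1: the temporary can no longer be freed */
}

static int emit_fixed(Buf *b, unsigned oid)   /* fix proposed in the report */
{
    int before = live_allocs;
    char *name = format_type_name(oid);
    buf_appendf(b, ",\n ELEMENT = %s", name);
    free_counted(name);
    return live_allocs - before;   /* 0: nothing left allocated */
}

int main(void)
{
    Buf a = {{0}}, b = {{0}};
    printf("leaky: %d, fixed: %d\n", emit_leaky(&a, 23), emit_fixed(&b, 23));
    return 0;
}
```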