Use after free? in fe-connect.c:closePGconn

From: Ranier VF <ranier_gyn(at)hotmail(dot)com>
To: "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org>
Subject: Use after free? in fe-connect.c:closePGconn
Date: 2016-06-15 21:11:01
Message-ID: BLU183-W36C8721B5C151BC8DEFAA7E3550@phx.gbl
Lists: pgsql-bugs

Hi,
PostgreSQL 9.5.3, 32 bits
Client: 32-bit libpq.dll with libpq.pdb

All calls to PQfinish are protected by:

    if (conn != NULL) {
        PQfinish(conn);
    }

In d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c,
closePGconn(PGconn *conn) does not check if conn is NULL.

Use after free?

Best regards,

Ranier

----------------------------------------------------------------------------------------------------------------
Error #1: UNINITIALIZED READ: reading 0x0012fbb4-0x0012fbbb 7 byte(s) within 0x0012fb78-0x0012fbbb
# 0 system call NtCreateFile parameter #9
# 1 ntdll.dll!ZwCreateFile +0xb (0x7c90d09c <ntdll.dll+0xd09c>)
# 2 MSWSOCK.dll!? +0x0 (0x71a149c0 <MSWSOCK.dll+0x49c0>)
# 3 WS2_32.dll!WSASocketW +0x9c (0x71a740eb <WS2_32.dll+0x40eb>)
# 4 ngx_open_listening_sockets [c:\msys\1.0\nginx-1.10\src\core\ngx_connection.c:448]
# 5 ngx_init_cycle [c:\msys\1.0\nginx-1.10\src\core\ngx_cycle.c:609]
# 6 main [c:\msys\1.0\nginx-1.10\src\core\nginx.c:276]
Note: @0:00:03.954 in thread 3124

Error #2: UNADDRESSABLE ACCESS of freed memory: reading 0x020afd3c-0x020afd40 4 byte(s)
# 0 LIBPQ.dll!closePGconn [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:2957]
# 1 LIBPQ.dll!PQfinish [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:3055]
# 2 dbd_pgsql_close [c:\usr\src\dbd\postgresql\dbd_pgsql.c:279]
# 3 dbd_pgsql_cleanup [c:\usr\src\dbd\postgresql\dbd_pgsql.c:297]
# 4 ngx_destroy_pool [c:\msys\1.0\nginx-1.10\src\core\ngx_palloc.c:57]
# 5 ngx_master_process_exit [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:562]
# 6 ngx_master_process_cycle [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:235]
# 7 main [c:\msys\1.0\nginx-1.10\src\core\nginx.c:367]
Note: @8:39:35.860 in thread 3124
Note: prev lower malloc: 0x020afcf8-0x020afd08
Note: 0x020afd3c-0x020afd40 overlaps memory 0x020afd28-0x020b0d28 that was freed here:
Note: # 0 replace_free [d:\drmemory_package\common\alloc_replace.c:2706]
Note: # 1 ngx_hash_init [c:\msys\1.0\nginx-1.10\src\core\ngx_hash.c:426]
Note: # 2 ngx_http_merge_types [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:2089]
Note: # 3 ngx_http_gzip_merge_conf [c:\msys\1.0\nginx-1.10\src\http\modules\ngx_http_gzip_filter_module.c:1168]
Note: # 4 ngx_http_merge_servers [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:596]
Note: # 5 ngx_http_block [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:268]
Note: instruction: cmp 0x000000b4(%esi) $0xffffffff

Error #3: UNADDRESSABLE ACCESS beyond heap bounds: reading 0x020afd10-0x020afd14 4 byte(s)
# 0 LIBPQ.dll!closePGconn [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:2957]
# 1 LIBPQ.dll!PQfinish [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:3055]
# 2 dbd_pgsql_close [c:\usr\src\dbd\postgresql\dbd_pgsql.c:279]
# 3 dbd_pgsql_cleanup [c:\usr\src\dbd\postgresql\dbd_pgsql.c:297]
# 4 ngx_destroy_pool [c:\msys\1.0\nginx-1.10\src\core\ngx_palloc.c:57]
# 5 ngx_master_process_exit [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:562]
# 6 ngx_master_process_cycle [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:235]
# 7 main [c:\msys\1.0\nginx-1.10\src\core\nginx.c:367]
Note: @8:39:35.954 in thread 3124
Note: prev lower malloc: 0x020afcf8-0x020afd08
Note: instruction: cmp 0x00000088(%esi) $0x00000000

Error #4: UNADDRESSABLE ACCESS of freed memory: writing 0x020afd2b-0x020afd2c 1 byte(s)
# 0 LIBPQ.dll!closePGconn [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:2974]
# 1 LIBPQ.dll!PQfinish [d:\pginstaller.auto\postgres.windows\src\interfaces\libpq\fe-connect.c:3055]
# 2 dbd_pgsql_close [c:\usr\src\dbd\postgresql\dbd_pgsql.c:279]
# 3 dbd_pgsql_cleanup [c:\usr\src\dbd\postgresql\dbd_pgsql.c:297]
# 4 ngx_destroy_pool [c:\msys\1.0\nginx-1.10\src\core\ngx_palloc.c:57]
# 5 ngx_master_process_exit [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:562]
# 6 ngx_master_process_cycle [c:\msys\1.0\nginx-1.10\src\os\win32\ngx_process_cycle.c:235]
# 7 main [c:\msys\1.0\nginx-1.10\src\core\nginx.c:367]
Note: @8:39:35.969 in thread 3124
Note: prev lower malloc: 0x020afcf8-0x020afd08
Note: 0x020afd2b-0x020afd2c overlaps memory 0x020afd28-0x020b0d28 that was freed here:
Note: # 0 replace_free [d:\drmemory_package\common\alloc_replace.c:2706]
Note: # 1 ngx_hash_init [c:\msys\1.0\nginx-1.10\src\core\ngx_hash.c:426]
Note: # 2 ngx_http_merge_types [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:2089]
Note: # 3 ngx_http_gzip_merge_conf [c:\msys\1.0\nginx-1.10\src\http\modules\ngx_http_gzip_filter_module.c:1168]
Note: # 4 ngx_http_merge_servers [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:596]
Note: # 5 ngx_http_block [c:\msys\1.0\nginx-1.10\src\http\ngx_http.c:268]
Note: instruction: mov $0x00 -> 0x000000a3(%esi)
-----------------------------------------------------------------------------------------------------------------------
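The trace above shows closePGconn reading memory that was already freed even though every PQfinish call sits behind an `if (conn != NULL)` guard. The following is an added example, not libpq or nginx code: `Conn`, `open_conn` and `finish_conn` are hypothetical stand-ins that mirror the PQfinish -> closePGconn shape (close the socket field, then free the object), so the point can be shown without a database. It demonstrates that a NULL guard only catches a pointer that was never set, never a pointer that still holds the address of a freed object, and that clearing the owner's pointer on free is what makes a repeated cleanup harmless.

```c
/* Added example (hypothetical stand-ins, not libpq's PGconn/PQfinish):
 * a NULL guard at the call site does not protect against a dangling
 * pointer, so the owner's pointer must be cleared when the object is freed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    int   sock;     /* stand-in for the socket field closePGconn inspects */
    char *dbname;
} Conn;

/* Counts how many times finish_conn ran, so the safe path can be checked. */
static int closes_seen;

static Conn *open_conn(const char *dbname) {
    Conn *c = calloc(1, sizeof *c);
    if (c == NULL)
        return NULL;
    c->sock = 42;                       /* constructed: pretend socket number */
    c->dbname = malloc(strlen(dbname) + 1);
    if (c->dbname == NULL) {
        free(c);
        return NULL;
    }
    strcpy(c->dbname, dbname);
    return c;
}

/* Mirrors closePGconn followed by the free in PQfinish. Like closePGconn
 * in the report, it does not check for NULL: that is the caller's job. */
static void finish_conn(Conn *c) {
    if (c->sock >= 0)
        c->sock = -1;                   /* "close" the socket */
    closes_seen++;
    free(c->dbname);
    free(c);
}

/* Caller pattern quoted in the report: guards only against NULL. */
static void finish_if_set(Conn *c) {
    if (c != NULL)
        finish_conn(c);
}

/* Hardened pattern: take the owner's pointer by address and clear it
 * after freeing, so a second cleanup through the same owner is a no-op. */
static void finish_and_clear(Conn **cp) {
    if (cp != NULL && *cp != NULL) {
        finish_conn(*cp);
        *cp = NULL;
    }
}

/* Two cleanups through the same owner close the connection exactly once. */
static int safe_double_cleanup(void) {
    closes_seen = 0;
    Conn *c = open_conn("demo");        /* constructed sample */
    finish_and_clear(&c);
    finish_and_clear(&c);               /* c is NULL now, nothing to free */
    return closes_seen;                 /* 1 */
}

/* Two owners (say a driver struct and a pool cleanup) share one pointer.
 * Clearing one owner leaves the other holding the freed address, which the
 * "if (conn != NULL)" guard cannot tell apart from a live connection.
 * The stale pointer is only compared here, never dereferenced. */
typedef struct { Conn *conn; } Owner;

static int null_guard_misses_stale_alias(void) {
    Conn *c = open_conn("demo");        /* constructed sample */
    Owner a = { c }, b = { c };
    finish_and_clear(&a.conn);          /* a.conn is NULL, b.conn is stale */
    return b.conn != NULL;              /* 1: the guard would let finish run */
}

int main(void) {
    printf("safe double cleanup closed %d time(s)\n", safe_double_cleanup());
    printf("stale alias passes NULL guard: %d\n", null_guard_misses_stale_alias());
    (void)finish_if_set;                /* shown for comparison, not invoked on a stale pointer */
    return 0;
}
```

The second function is the shape visible in the Dr. Memory stack: the cleanup reached through ngx_destroy_pool still holds an address whose backing memory was freed earlier, and no NULL test in the caller or in closePGconn could detect that. The fix belongs with the owner of the pointer (clear it, or make one owner responsible for the close), not inside the close routine.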
