database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-08 07:21:33 +03:00
Code

Fix out-of-memory handling in ecpglib.

Browse Source 
ecpg_build_params() would crash on a null pointer dereference if
realloc() failed, due to updating the persistent "stmt" struct
too aggressively.  (Even without the crash, this would've leaked
the old storage that we were trying to realloc.)

Per Coverity.  This seems to have been broken in commit 0cc050794,
so back-patch into v12.
This commit is contained in:
Tom Lane 2020-01-19 19:15:15 -05:00
parent 9c679a08f0
commit 44f1fc8df5
1 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/interfaces/ecpg/ecpglib/execute.c
View File

@ -1499,26 +1499,37 @@ ecpg_build_params(struct statement *stmt)
}
else
{
if (!(stmt->paramvalues = (char **) ecpg_realloc(stmt->paramvalues, sizeof(char *) * (stmt->nparams + 1), stmt->lineno)))
bool realloc_failed = false;
char **newparamvalues;
int *newparamlengths;
int *newparamformats;
/* enlarge all the param arrays */
if ((newparamvalues = (char **) ecpg_realloc(stmt->paramvalues, sizeof(char *) * (stmt->nparams + 1), stmt->lineno)))
stmt->paramvalues = newparamvalues;
else
realloc_failed = true;
if ((newparamlengths = (int *) ecpg_realloc(stmt->paramlengths, sizeof(int) * (stmt->nparams + 1), stmt->lineno)))
stmt->paramlengths = newparamlengths;
else
realloc_failed = true;
if ((newparamformats = (int *) ecpg_realloc(stmt->paramformats, sizeof(int) * (stmt->nparams + 1), stmt->lineno)))
stmt->paramformats = newparamformats;
else
realloc_failed = true;
if (realloc_failed)
{
ecpg_free_params(stmt, false);
ecpg_free(tobeinserted);
return false;
}
/* only now can we assign ownership of "tobeinserted" to stmt */
stmt->paramvalues[stmt->nparams] = tobeinserted;
if (!(stmt->paramlengths = (int *) ecpg_realloc(stmt->paramlengths, sizeof(int) * (stmt->nparams + 1), stmt->lineno)))
{
ecpg_free_params(stmt, false);
return false;
}
stmt->paramlengths[stmt->nparams] = binary_length;
if (!(stmt->paramformats = (int *) ecpg_realloc(stmt->paramformats, sizeof(int) * (stmt->nparams + 1), stmt->lineno)))
{
ecpg_free_params(stmt, false);
return false;
}
stmt->paramformats[stmt->nparams] = (binary_format ? 1 : 0);
stmt->nparams++;