Обсуждение: ECPG: store own copy of the prepared statement name
Hi, the attached patch makes ECPG more robust against applications that free() strings by storing its own copy of the prepared statement name. Best regards, Zoltán Böszörményi -- Bible has answers for everything. Proof: "But let your communication be, Yea, yea; Nay, nay: for whatsoever is more than these cometh of evil." (Matthew 5:37) - basics of digital technology. "May your kingdom come" - superficial description of plate tectonics ---------------------------------- Zoltán Böszörményi Cybertec Schönig & Schönig GmbH http://www.postgresql.at/ *** pgsql.4/src/interfaces/ecpg/ecpglib/prepare.c~ 2009-10-14 15:34:46.000000000 +0200 --- pgsql.4/src/interfaces/ecpg/ecpglib/prepare.c 2009-10-14 15:34:46.000000000 +0200 *************** *** 152,158 **** replace_variables(&(stmt->command), lineno); /* add prepared statement to our list */ ! this->name = (char *) name; this->stmt = stmt; /* and finally really prepare the statement */ --- 152,158 ---- replace_variables(&(stmt->command), lineno); /* add prepared statement to our list */ ! this->name = strdup(name); this->stmt = stmt; /* and finally really prepare the statement */ *************** *** 160,165 **** --- 160,166 ---- if (!ecpg_check_PQresult(query, stmt->lineno, stmt->connection->connection, stmt->compat)) { ecpg_free(stmt->command); + ecpg_free(this->name); ecpg_free(this); ecpg_free(stmt); return false; *************** *** 238,243 **** --- 239,245 ---- /* okay, free all the resources */ ecpg_free(this->stmt->command); ecpg_free(this->stmt); + ecpg_free(this->name); if (prev != NULL) prev->next = this->next; else
On Wed, Oct 14, 2009 at 06:37:43PM +0200, Boszormenyi Zoltan wrote: > the attached patch makes ECPG more robust > against applications that free() strings by storing > its own copy of the prepared statement name. Please do not call strdup() directly in libecpg. Instead please use ecpg_strdup() which does all the error handling needed. I changed this and committed the patch. Thanks. Michael -- Michael Meskes Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org ICQ: 179140304, AIM/Yahoo/Skype: michaelmeskes, Jabber: meskes@jabber.org Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!
Michael Meskes írta: > On Wed, Oct 14, 2009 at 06:37:43PM +0200, Boszormenyi Zoltan wrote: > >> the attached patch makes ECPG more robust >> against applications that free() strings by storing >> its own copy of the prepared statement name. >> > > Please do not call strdup() directly in libecpg. Instead please use > ecpg_strdup() which does all the error handling needed. I changed this and > committed the patch. Thanks. > > Michael > Thanks, I will keep it in mind. Best regards, Zoltán Böszörményi -- Bible has answers for everything. Proof: "But let your communication be, Yea, yea; Nay, nay: for whatsoever is more than these cometh of evil." (Matthew 5:37) - basics of digital technology. "May your kingdom come" - superficial description of plate tectonics ---------------------------------- Zoltán Böszörményi Cybertec Schönig & Schönig GmbH http://www.postgresql.at/