ECPG: store own copy of the prepared statement name
Hi,
the attached patch makes ECPG more robust
against applications that free() strings by storing
its own copy of the prepared statement name.
Best regards,
Zolt�n B�sz�rm�nyi
--
Bible has answers for everything. Proof:
"But let your communication be, Yea, yea; Nay, nay: for whatsoever is more
than these cometh of evil." (Matthew 5:37) - basics of digital technology.
"May your kingdom come" - superficial description of plate tectonics
----------------------------------
Zolt�n B�sz�rm�nyi
Cybertec Sch�nig & Sch�nig GmbH
http://www.postgresql.at/
Attachments:
5-pg85-prepared-name-owned-1-ctxdiff.patchtext/x-patch; name=5-pg85-prepared-name-owned-1-ctxdiff.patchDownload
*** pgsql.4/src/interfaces/ecpg/ecpglib/prepare.c~ 2009-10-14 15:34:46.000000000 +0200
--- pgsql.4/src/interfaces/ecpg/ecpglib/prepare.c 2009-10-14 15:34:46.000000000 +0200
***************
*** 152,158 ****
replace_variables(&(stmt->command), lineno);
/* add prepared statement to our list */
! this->name = (char *) name;
this->stmt = stmt;
/* and finally really prepare the statement */
--- 152,158 ----
replace_variables(&(stmt->command), lineno);
/* add prepared statement to our list */
! this->name = strdup(name);
this->stmt = stmt;
/* and finally really prepare the statement */
***************
*** 160,165 ****
--- 160,166 ----
if (!ecpg_check_PQresult(query, stmt->lineno, stmt->connection->connection, stmt->compat))
{
ecpg_free(stmt->command);
+ ecpg_free(this->name);
ecpg_free(this);
ecpg_free(stmt);
return false;
***************
*** 238,243 ****
--- 239,245 ----
/* okay, free all the resources */
ecpg_free(this->stmt->command);
ecpg_free(this->stmt);
+ ecpg_free(this->name);
if (prev != NULL)
prev->next = this->next;
else
On Wed, Oct 14, 2009 at 06:37:43PM +0200, Boszormenyi Zoltan wrote:
the attached patch makes ECPG more robust
against applications that free() strings by storing
its own copy of the prepared statement name.
Please do not call strdup() directly in libecpg. Instead please use
ecpg_strdup() which does all the error handling needed. I changed this and
committed the patch. Thanks.
Michael
--
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo/Skype: michaelmeskes, Jabber: meskes@jabber.org
Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!
Michael Meskes �rta:
On Wed, Oct 14, 2009 at 06:37:43PM +0200, Boszormenyi Zoltan wrote:
the attached patch makes ECPG more robust
against applications that free() strings by storing
its own copy of the prepared statement name.Please do not call strdup() directly in libecpg. Instead please use
ecpg_strdup() which does all the error handling needed. I changed this and
committed the patch. Thanks.Michael
Thanks, I will keep it in mind.
Best regards,
Zolt�n B�sz�rm�nyi
--
Bible has answers for everything. Proof:
"But let your communication be, Yea, yea; Nay, nay: for whatsoever is more
than these cometh of evil." (Matthew 5:37) - basics of digital technology.
"May your kingdom come" - superficial description of plate tectonics
----------------------------------
Zolt�n B�sz�rm�nyi
Cybertec Sch�nig & Sch�nig GmbH
http://www.postgresql.at/