BUG #18981: Fault tolerance and improvement for xmltotext_with_options (xml.c)
The following bug has been logged on the website:
Bug reference: 18981
Logged by: Dmitry Kovalenko
Email address: d.kovalenko@postgrespro.ru
PostgreSQL version: 18beta1
Operating system: any
Description:
Hello,
Please look at this code:
https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L730
xmlerrcxt = pg_xml_init(PG_XML_STRICTNESS_ALL);
pg_xml_init uses palloc and may "raise an exception".
1) https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L1254
2) https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L1258
If it occurs, we do not release the 'doc' pointer and get memory leaks.
I offer to move the call of pg_xml_init into the try{...}catch section.
See this commit:
https://github.com/dmitry-lipetsk/postgres/commit/c66d2b05077a8d1f3057560303f3a82f7d717569
Also
Within PG_CATCH 'doc' is not NULL.
https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L866-L867
It is allocated before the PG_TRY statement.
https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L709
So, we can call xmlFreeDoc(doc) without a verification.
Thanks&Regards,
Dmitry Kovalenko
PG Bug reporting form <noreply@postgresql.org> writes:
> Please look at this code:
> https://github.com/postgres/postgres/blob/a27893df45ec5d8c657899202e9cf0b9a816fe2f/src/backend/utils/adt/xml.c#L730
> xmlerrcxt = pg_xml_init(PG_XML_STRICTNESS_ALL);
> pg_xml_init uses palloc and may "raise an exception".
Yup, we should cover that case.
> Also
> Within PG_CATCH 'doc' is not NULL.
Agreed. Pushed your fix with small editorialization.
regards, tom lane
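
The leak discussed in this thread, reduced to a stand-alone C model (an added example, not PostgreSQL source and not the committed fix). setjmp/longjmp stands in for PG_TRY/PG_CATCH, and `ctx_init`, `doc_new`, `doc_free`, `convert` and `leaked_docs` are hypothetical names playing the roles of pg_xml_init, the document allocation, xmlFreeDoc and the calling code.

```c
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; none of this is PostgreSQL or libxml2 code. */
static jmp_buf *handler;  /* innermost active try frame */
static int live_docs;     /* documents currently allocated */
static void raise_error(void) { if (handler) longjmp(*handler, 1); abort(); }
static void *doc_new(void) { live_docs++; return malloc(16); }
static void doc_free(void *d) { free(d); live_docs--; }
/* Allocating init that may raise, as the report says of pg_xml_init. */
static void *ctx_init(bool fail) { if (fail) raise_error(); return malloc(16); }

/* init_inside_try=false: reported layout; true: init moved into the try. */
static void convert(bool init_inside_try, bool fail)
{
    jmp_buf local, *outer = handler;
    void *doc = doc_new();               /* allocated before the try */
    void *volatile ctx = NULL;           /* volatile: may be set after setjmp */
    if (!init_inside_try) ctx = ctx_init(fail);  /* error bypasses the catch */
    handler = &local;
    if (setjmp(local) == 0) {            /* "PG_TRY" */
        if (init_inside_try) ctx = ctx_init(fail);  /* error lands in the catch */
        handler = outer;
    } else {                             /* "PG_CATCH" */
        handler = outer;
        doc_free(doc);                   /* doc is never NULL at this point */
        free(ctx);
        raise_error();                   /* re-throw to the caller */
    }
    free(ctx);
    doc_free(doc);
}

/* Runs convert() under a caller-level handler; returns docs still allocated. */
static int leaked_docs(bool init_inside_try, bool fail)
{
    jmp_buf top;
    live_docs = 0;
    handler = &top;
    if (setjmp(top) == 0) convert(init_inside_try, fail);
    handler = NULL;
    return live_docs;
}

int main(void)
{
    printf("init before try: %d leaked\n", leaked_docs(false, true));
    printf("init inside try: %d leaked\n", leaked_docs(true, true));
}
```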