diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2015-09-18 13:55:17 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2015-09-18 13:55:17 -0400 |
| commit | f7d896ab919af6ef74117c6121443721902beba3 (patch) | |
| tree | 21ac0f26d81601fe17ccb86fdf3ca97157b2fd31 | |
| parent | 5ed2d2cba8823670392400bc6663ff2dbd260292 (diff) | |
| download | postgresql-f7d896ab919af6ef74117c6121443721902beba3.tar.gz postgresql-f7d896ab919af6ef74117c6121443721902beba3.zip | |
Fix low-probability memory leak in regex execution.
After an internal failure in shortest() or longest() while pinning down the
exact location of a match, find() forgot to free the DFA structure before
returning. This is pretty unlikely to occur, since we just successfully
ran the "search" variant of the DFA; but it could happen, and it would
result in a session-lifespan memory leak since this code uses malloc()
directly. Problem seems to have been aboriginal in Spencer's library,
so back-patch all the way.
In passing, correct a thinko in a comment I added awhile back about the
meaning of the "ntree" field.
I happened across these issues while comparing our code to Tcl's version
of the library.
| -rw-r--r-- | src/backend/regex/regcomp.c | 2 | ||||
| -rw-r--r-- | src/backend/regex/regexec.c | 6 | ||||
| -rw-r--r-- | src/include/regex/regguts.h | 2 |
3 files changed, 7 insertions, 3 deletions
diff --git a/src/backend/regex/regcomp.c b/src/backend/regex/regcomp.c index 44a472fa69e..5f1e3c5a1a6 100644 --- a/src/backend/regex/regcomp.c +++ b/src/backend/regex/regcomp.c @@ -228,7 +228,7 @@ struct vars struct subre *tree; /* subexpression tree */ struct subre *treechain; /* all tree nodes allocated */ struct subre *treefree; /* any free tree nodes */ - int ntree; /* number of tree nodes */ + int ntree; /* number of tree nodes, plus one */ struct cvec *cv; /* interface cvec */ struct cvec *cv2; /* utility cvec */ struct subre *lacons; /* lookahead-constraint vector */ diff --git a/src/backend/regex/regexec.c b/src/backend/regex/regexec.c index 5e78f8149c8..b4a3dc3ab40 100644 --- a/src/backend/regex/regexec.c +++ b/src/backend/regex/regexec.c @@ -348,7 +348,11 @@ find(struct vars * v, (chr **) NULL, &hitend); else end = longest(v, d, begin, v->stop, &hitend); - NOERR(); + if (ISERR()) + { + freedfa(d); + return v->err; + } if (hitend && cold == NULL) cold = begin; if (end != NULL) diff --git a/src/include/regex/regguts.h b/src/include/regex/regguts.h index 7d5d85577d6..a2f1483a010 100644 --- a/src/include/regex/regguts.h +++ b/src/include/regex/regguts.h @@ -465,7 +465,7 @@ struct guts size_t nsub; /* copy of re_nsub */ struct subre *tree; struct cnfa search; /* for fast preliminary search */ - int ntree; /* number of subre's, less one */ + int ntree; /* number of subre's, plus one */ struct colormap cmap; int FUNCPTR(compare, (const chr *, const chr *, size_t)); struct subre *lacons; /* lookahead-constraint vector */ |