diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2019-03-24 15:13:21 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2019-03-24 15:13:21 -0400 |
| commit | 171baf18325e30997123e9d5cf3e1a81e3a3f484 (patch) | |
| tree | e77502cf196255afafd45f07df50e9240afd809e /contrib | |
| parent | cda5f6575306e50136a5f8ce3f76d9b2d772b738 (diff) | |
| download | postgresql-171baf18325e30997123e9d5cf3e1a81e3a3f484.tar.gz postgresql-171baf18325e30997123e9d5cf3e1a81e3a3f484.zip | |
Avoid double-free in vacuumlo error path.
The code would do "PQclear(res)" twice if lo_unlink failed, evidently
due to careless thinking about how far out a "break" would break.
Remove the extra PQclear and adjust the loop logic so that we'll fall
out of both levels of loop after an error, as was clearly the intent.
Spotted by Coverity. I have no idea why it took this long to notice,
since the bug has been there since commit 67ccbb080. Accordingly,
back-patch to all supported branches.
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/vacuumlo/vacuumlo.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c index fa51e33f5d4..ce5489f370b 100644 --- a/contrib/vacuumlo/vacuumlo.c +++ b/contrib/vacuumlo/vacuumlo.c @@ -311,7 +311,7 @@ vacuumlo(const char *database, const struct _param * param) deleted = 0; - while (1) + do { res = PQexec(conn, buf); if (PQresultStatus(res) != PGRES_TUPLES_OK) @@ -349,8 +349,7 @@ vacuumlo(const char *database, const struct _param * param) if (PQtransactionStatus(conn) == PQTRANS_INERROR) { success = false; - PQclear(res); - break; + break; /* out of inner for-loop */ } } else @@ -388,7 +387,7 @@ vacuumlo(const char *database, const struct _param * param) } PQclear(res); - } + } while (success); /* * That's all folks! |