From a39331fa573fc2bd6f93322ff190da26ddc477b5 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 18 Sep 2015 13:55:17 -0400 Subject: Fix low-probability memory leak in regex execution. After an internal failure in shortest() or longest() while pinning down the exact location of a match, find() forgot to free the DFA structure before returning. This is pretty unlikely to occur, since we just successfully ran the "search" variant of the DFA; but it could happen, and it would result in a session-lifespan memory leak since this code uses malloc() directly. Problem seems to have been aboriginal in Spencer's library, so back-patch all the way. In passing, correct a thinko in a comment I added awhile back about the meaning of the "ntree" field. I happened across these issues while comparing our code to Tcl's version of the library. --- src/backend/regex/regcomp.c | 2 +- src/backend/regex/regexec.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src/backend/regex') diff --git a/src/backend/regex/regcomp.c b/src/backend/regex/regcomp.c index 44a472fa69e..5f1e3c5a1a6 100644 --- a/src/backend/regex/regcomp.c +++ b/src/backend/regex/regcomp.c @@ -228,7 +228,7 @@ struct vars struct subre *tree; /* subexpression tree */ struct subre *treechain; /* all tree nodes allocated */ struct subre *treefree; /* any free tree nodes */ - int ntree; /* number of tree nodes */ + int ntree; /* number of tree nodes, plus one */ struct cvec *cv; /* interface cvec */ struct cvec *cv2; /* utility cvec */ struct subre *lacons; /* lookahead-constraint vector */ diff --git a/src/backend/regex/regexec.c b/src/backend/regex/regexec.c index 5e78f8149c8..b4a3dc3ab40 100644 --- a/src/backend/regex/regexec.c +++ b/src/backend/regex/regexec.c @@ -348,7 +348,11 @@ find(struct vars * v, (chr **) NULL, &hitend); else end = longest(v, d, begin, v->stop, &hitend); - NOERR(); + if (ISERR()) + { + freedfa(d); + return v->err; + } if (hitend && cold == NULL) cold = begin; if (end != NULL) -- cgit v1.2.3