Skip to content

Commit 99e414c

Browse files
tglsfdctglsfdc
committed
Avoid double-free in vacuumlo error path.
The code would do "PQclear(res)" twice if lo_unlink failed, evidently due to careless thinking about how far out a "break" would break. Remove the extra PQclear and adjust the loop logic so that we'll fall out of both levels of loop after an error, as was clearly the intent. Spotted by Coverity. I have no idea why it took this long to notice, since the bug has been there since commit 67ccbb0. Accordingly, back-patch to all supported branches.
1 parent d1166af commit 99e414c

File tree

1 file changed

+3
-4
lines changed

1 file changed

+3
-4
lines changed

contrib/vacuumlo/vacuumlo.c

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -302,7 +302,7 @@ vacuumlo(const char *database, const struct _param * param)
302302

303303
deleted = 0;
304304

305-
while (1)
305+
do
306306
{
307307
res = PQexec(conn, buf);
308308
if (PQresultStatus(res) != PGRES_TUPLES_OK)
@@ -340,8 +340,7 @@ vacuumlo(const char *database, const struct _param * param)
340340
if (PQtransactionStatus(conn) == PQTRANS_INERROR)
341341
{
342342
success = false;
343-
PQclear(res);
344-
break;
343+
break; /* out of inner for-loop */
345344
}
346345
}
347346
else
@@ -379,7 +378,7 @@ vacuumlo(const char *database, const struct _param * param)
379378
}
380379

381380
PQclear(res);
382-
}
381+
} while (success);
383382

384383
/*
385384
* That's all folks!

0 commit comments

Comments
 (0)