Fix error handling with threads on OOM in ECPG connection logic

michaelpq · michaelpq · commit b589d212fdd7 · 2021-09-13T13:24:20.000+09:00
An out-of-memory failure happening when allocating the structures to store the connection parameter keywords and values would mess up with the set of connections saved, as on failure the pthread mutex would still be hold with the new connection object listed but free()'d. Rather than just unlocking the mutex, which would leave the static list of connections into an inconsistent state, move the allocation for the structures of the connection parameters before beginning the test manipulation. This ensures that the list of connections and the connection mutex remain consistent all the time in this code path. This error is unlikely going to happen, but this could mess up badly with ECPG clients in surprising ways, so backpatch all the way down. Reported-by: ryancaicse Discussion: https://postgr.es/m/17186-b4cfd8f0eb4d1dee@postgresql.org Backpatch-through: 9.6
diff --git a/src/interfaces/ecpg/ecpglib/connect.c b/src/interfaces/ecpg/ecpglib/connect.c
@@ -484,37 +484,10 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 	else
 		realname = NULL;
 
-	/* add connection to our list */
-#ifdef ENABLE_THREAD_SAFETY
-	pthread_mutex_lock(&connections_mutex);
-#endif
-	if (connection_name != NULL)
-		this->name = ecpg_strdup(connection_name, lineno);
-	else
-		this->name = ecpg_strdup(realname, lineno);
-
-	this->cache_head = NULL;
-	this->prep_stmts = NULL;
-
-	if (all_connections == NULL)
-		this->next = NULL;
-	else
-		this->next = all_connections;
-
-	all_connections = this;
-#ifdef ENABLE_THREAD_SAFETY
-	pthread_setspecific(actual_connection_key, all_connections);
-#endif
-	actual_connection = all_connections;
-
-	ecpg_log("ECPGconnect: opening database %s on %s port %s %s%s %s%s\n",
-			 realname ? realname : "<DEFAULT>",
-			 host ? host : "<DEFAULT>",
-			 port ? (ecpg_internal_regression_mode ? "<REGRESSION_PORT>" : port) : "<DEFAULT>",
-			 options ? "with options " : "", options ? options : "",
-			 (user && strlen(user) > 0) ? "for user " : "", user ? user : "");
-
-	/* count options (this may produce an overestimate, it's ok) */
+	/*
+	 * Count options for the allocation done below (this may produce an
+	 * overestimate, it's ok).
+	 */
 	if (options)
 		for (i = 0; options[i]; i++)
 			if (options[i] == '=')
@@ -525,7 +498,11 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 	if (passwd && strlen(passwd) > 0)
 		connect_params++;
 
-	/* allocate enough space for all connection parameters */
+	/*
+	 * Allocate enough space for all connection parameters.  These allocations
+	 * are done before manipulating the list of connections to ease the error
+	 * handling on failure.
+	 */
 	conn_keywords = (const char **) ecpg_alloc((connect_params + 1) * sizeof(char *), lineno);
 	conn_values = (const char **) ecpg_alloc(connect_params * sizeof(char *), lineno);
 	if (conn_keywords == NULL || conn_values == NULL)
@@ -548,6 +525,36 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 		return false;
 	}
 
+	/* add connection to our list */
+#ifdef ENABLE_THREAD_SAFETY
+	pthread_mutex_lock(&connections_mutex);
+#endif
+	if (connection_name != NULL)
+		this->name = ecpg_strdup(connection_name, lineno);
+	else
+		this->name = ecpg_strdup(realname, lineno);
+
+	this->cache_head = NULL;
+	this->prep_stmts = NULL;
+
+	if (all_connections == NULL)
+		this->next = NULL;
+	else
+		this->next = all_connections;
+
+	all_connections = this;
+#ifdef ENABLE_THREAD_SAFETY
+	pthread_setspecific(actual_connection_key, all_connections);
+#endif
+	actual_connection = all_connections;
+
+	ecpg_log("ECPGconnect: opening database %s on %s port %s %s%s %s%s\n",
+			 realname ? realname : "<DEFAULT>",
+			 host ? host : "<DEFAULT>",
+			 port ? (ecpg_internal_regression_mode ? "<REGRESSION_PORT>" : port) : "<DEFAULT>",
+			 options ? "with options " : "", options ? options : "",
+			 (user && strlen(user) > 0) ? "for user " : "", user ? user : "");
+
 	i = 0;
 	if (realname)
 	{
