Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite0a2337

Browse files
committed
Fix two low-probability memory leaks in regular expression parsing.
If pg_regcomp failed after having invoked markst/cleanst, it would leak any"struct subre" nodes it had created. (We've already detected all regexsyntax errors at that point, so the only likely causes of later failurewould be query cancel or out-of-memory.) To fix, make sure freesrnodeknows the difference between the pre-cleanst and post-cleanst cleanupprocedures. Add some documentation of this less-than-obvious point.Also, newlacon did the wrong thing with an out-of-memory failure fromrealloc(), so that the previously allocated array would be leaked.Both of these are pretty low-probability scenarios, but a bug is a bug,so patch all the way back.Per bug #10976 from Arthur O'Dwyer.
1 parent4b76778 commite0a2337

File tree

1 file changed

+24
-7
lines changed

1 file changed

+24
-7
lines changed

‎src/backend/regex/regcomp.c

Lines changed: 24 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1646,8 +1646,9 @@ freesrnode(struct vars * v,/* might be NULL */
16461646
freecnfa(&sr->cnfa);
16471647
sr->flags=0;
16481648

1649-
if (v!=NULL)
1649+
if (v!=NULL&&v->treechain!=NULL)
16501650
{
1651+
/* we're still parsing, maybe we can reuse the subre */
16511652
sr->left=v->treefree;
16521653
v->treefree=sr;
16531654
}
@@ -1693,6 +1694,20 @@ numst(struct subre * t,
16931694

16941695
/*
16951696
* markst - mark tree nodes as INUSE
1697+
*
1698+
* Note: this is a great deal more subtle than it looks. During initial
1699+
* parsing of a regex, all subres are linked into the treechain list;
1700+
* discarded ones are also linked into the treefree list for possible reuse.
1701+
* After we are done creating all subres required for a regex, we run markst()
1702+
* then cleanst(), which results in discarding all subres not reachable from
1703+
* v->tree. We then clear v->treechain, indicating that subres must be found
1704+
* by descending from v->tree. This changes the behavior of freesubre(): it
1705+
* will henceforth FREE() unwanted subres rather than sticking them into the
1706+
* treefree list. (Doing that any earlier would result in dangling links in
1707+
* the treechain list.) This all means that freev() will clean up correctly
1708+
* if invoked before or after markst()+cleanst(); but it would not work if
1709+
* called partway through this state conversion, so we mustn't error out
1710+
* in or between these two functions.
16961711
*/
16971712
staticvoid
16981713
markst(structsubre*t)
@@ -1790,25 +1805,27 @@ newlacon(struct vars * v,
17901805
intpos)
17911806
{
17921807
intn;
1808+
structsubre*newlacons;
17931809
structsubre*sub;
17941810

17951811
if (v->nlacons==0)
17961812
{
1797-
v->lacons= (structsubre*)MALLOC(2*sizeof(structsubre));
17981813
n=1;/* skip 0th */
1799-
v->nlacons=2;
1814+
newlacons=(structsubre*)MALLOC(2*sizeof(structsubre));
18001815
}
18011816
else
18021817
{
1803-
v->lacons=(structsubre*)REALLOC(v->lacons,
1804-
(v->nlacons+1)*sizeof(structsubre));
1805-
n=v->nlacons++;
1818+
n=v->nlacons;
1819+
newlacons=(structsubre*)REALLOC(v->lacons,
1820+
(n+1)*sizeof(structsubre));
18061821
}
1807-
if (v->lacons==NULL)
1822+
if (newlacons==NULL)
18081823
{
18091824
ERR(REG_ESPACE);
18101825
return0;
18111826
}
1827+
v->lacons=newlacons;
1828+
v->nlacons=n+1;
18121829
sub=&v->lacons[n];
18131830
sub->begin=begin;
18141831
sub->end=end;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp