It allocates buffer using realloc and uses the pointer
returned. However it does the pointer calculation *before* realloc
gets called. So the calculation uses the old pointer value, which
causes various problems including segfault later. It is surprising
that this bug was not found earlier because the bug was there since
the function was added. This is probably due to the fact that actual
pointer moving does not happen until certain amount of memory.
Also there were other problems with it. The buffer pointer and buffer
size variable is not initialized. The buffer is not freed by
pool_close. Typo in debugging message (3.4 or later only). They are
fixed as well.
* pgpool: a language independent connection pool server for PostgreSQL
* written by Tatsuo Ishii
*
-* Copyright (c) 2003-2013 PgPool Global Development Group
+* Copyright (c) 2003-2015 PgPool Global Development Group
*
* Permission to use, copy, modify, and distribute this software and
* its documentation for any purpose and without fee is hereby
cp->sbufsz = 0;
cp->buf2 = NULL;
cp->bufsz2 = 0;
+ cp->buf3 = NULL;
+ cp->bufsz3 = 0;
cp->fd = fd;
return cp;
free(cp->sbuf);
if (cp->buf2)
free(cp->buf2);
+ if (cp->buf3)
+ free(cp->buf3);
pool_discard_params(&cp->params);
pool_ssl_close(cp);
}
else
{
- p = cp->buf3 + cp->bufsz3;
cp->buf3 = realloc(cp->buf3, cp->bufsz3 + len);
+ p = cp->buf3 + cp->bufsz3;
}
memcpy(p, data, len);
projects / pgpool2.git / commitdiff