Changeset: d83d7b8458d2 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=d83d7b8458d2
Modified Files:
        sql/backends/monet5/sql_scenario.c
Branch: Feb2013
Log Message:

SQLstatementIntern(): fixed bug that caused segfaults (double free) with SciQL 
use case:

We must not free (_DELETE()) the global variable stack (c->glb)
in SQLstatementIntern() (even if MSinitClientPrg() clears it unconditionally)
because some calling function might hold and restore a backup (pointer)
eventually resulting in a double-free.

Instead, also in SQLstatementIntern(), we keep a local backup of c->glb
before calling MSinitClientPrg() and restore it afterwards.


diffs (62 lines):

diff --git a/sql/backends/monet5/sql_scenario.c 
b/sql/backends/monet5/sql_scenario.c
--- a/sql/backends/monet5/sql_scenario.c
+++ b/sql/backends/monet5/sql_scenario.c
@@ -1007,6 +1007,7 @@ SQLstatementIntern(Client c, str *expr, 
                sql_rel *r;
                stmt *s;
                int oldvtop, oldstop;
+               MalStkPtr oldglb = c->glb;
 
                if (!m->sa)
                        m->sa = sa_create();
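Review bot: `oldglb` is declared inside the inner block, so `c->glb = oldglb;` has to be repeated before every `goto endofcompile` and again at the end of the block (the hunks at 1024, 1052, 1067 and 1084). Any exit path added later that forgets the assignment leaves `c->glb` in whatever state MSinitClientPrg() left it, and a caller that restores its own backup is then back to the dangling-pointer and double-free situation this commit fixes. Hoisting the declaration to function scope and restoring once at the `endofcompile` label, plus the one restore at the end of the block, would keep the invariant in a single place. The label and the start of SQLstatementIntern() are outside these hunks, so this needs checking against the full body.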
@@ -1023,6 +1024,7 @@ SQLstatementIntern(Client c, str *expr, 
                        execute = 0;
                        if (!err)
                                continue;
+                       c->glb = oldglb;
                        goto endofcompile;
                }
 
@@ -1033,10 +1035,6 @@ SQLstatementIntern(Client c, str *expr, 
                 * optimize and produce code.
                 * We don;t search the cache for a previous incarnation yet.
                 */
-               if (c->glb) {
-                       /* MSinitClientPrg clears c->glb, so free it here */
-                       _DELETE(c->glb);
-               }
                MSinitClientPrg(c,"user",nme);
                oldvtop = c->curprg->def->vtop;
                oldstop = c->curprg->def->stop;
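Review bot: The deleted comment was the only text at this call site saying that MSinitClientPrg() resets `c->glb`, and the call now depends on the earlier save in `oldglb` without saying so. A short comment above the call would keep the ownership rule visible, for example `/* MSinitClientPrg() resets c->glb; the caller's stack is kept in oldglb and restored on exit, never freed here because callers may hold their own backup */`. The enclosing block starts and ends outside this hunk.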
@@ -1054,6 +1052,7 @@ SQLstatementIntern(Client c, str *expr, 
                        MSresetInstructions(c->curprg->def, oldstop);
                        freeVariables(c,c->curprg->def, c->glb, oldvtop);
                        c->curprg->def->errors = 0;
+                       c->glb = oldglb;
                        goto endofcompile;
                }
                /* generate MAL code */
@@ -1068,6 +1067,7 @@ SQLstatementIntern(Client c, str *expr, 
                        freeVariables(c,c->curprg->def, c->glb, oldvtop);
                        c->curprg->def->errors = 0;
                        msg = createException(SQL, "SQLparser","Errors 
encountered in query");
+                       c->glb = oldglb;
                        goto endofcompile;
                }
 
@@ -1084,11 +1084,14 @@ SQLstatementIntern(Client c, str *expr, 
                        freeVariables(c,c->curprg->def, c->glb, oldvtop);
                }
                sqlcleanup(m, 0);
-               if (!execute)
+               if (!execute) {
+                       c->glb = oldglb;
                        goto endofcompile;
+               }
 #ifdef _SQL_COMPILE
        mnstr_printf(c->fdout, "#parse/execute result %d\n", err);
 #endif
+               c->glb = oldglb;
        }
 /*
  * @-
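Review bot: Both restores in this hunk assign `c->glb = oldglb;` without looking at what `c->glb` holds at that moment. The `freeVariables(c,c->curprg->def, c->glb, oldvtop)` call a few lines above still passes `c->glb` as a stack, which suggests it may not be empty here. If MSinitClientPrg() or anything executed after it installs a fresh stack in that field (not visible in these hunks), the restore drops that allocation without freeing it. This is worth confirming against MSinitClientPrg() and recording next to the restore, for example `/* c->glb holds no owned stack here, nothing to free before restoring */` if that turns out to be the case.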