Changeset: b5e67bbe18c8 for MonetDB URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=b5e67bbe18c8 Modified Files: monetdb5/extras/jaql/jaqlscenario.c sql/backends/monet5/sql.mx sql/backends/monet5/sql_scenario.c Branch: default Log Message:
Don't free variables on stack that wasn't used during execution. Before the calls to freeVariables that are changed here, a call to runMAL is done with a NULL fourth parameter. That NULL causes runMAL to allocate and later free a fresh "glb" stack. This means that the old "glb" stack is not involved in execution, and should therefore not be freed. What's worse, the old stack may not be large enough, so that freeVariables could cause out-of-bounds reads and writes with potentially a crash as the end result.
diffs (54 lines):
diff --git a/monetdb5/extras/jaql/jaqlscenario.c b/monetdb5/extras/jaql/jaqlscenario.c
--- a/monetdb5/extras/jaql/jaqlscenario.c
+++ b/monetdb5/extras/jaql/jaqlscenario.c
@@ -318,7 +318,7 @@ JAQLengine(Client c)
 }
 MSresetInstructions(c->curprg->def, 1);
- freeVariables(c, c->curprg->def, c->glb, j->vtop);
+ freeVariables(c, c->curprg->def, NULL, j->vtop);
 assert(c->glb == 0 || c->glb == oldglb); /* detect leak */
 c->glb = oldglb;
diff --git a/sql/backends/monet5/sql.mx b/sql/backends/monet5/sql.mx
--- a/sql/backends/monet5/sql.mx
+++ b/sql/backends/monet5/sql.mx
@@ -7785,7 +7785,7 @@ RAstatement(Client cntxt, MalBlkPtr mb,
 msg = (str) runMAL(cntxt, cntxt->curprg->def, 0, 0);
 if (!msg) {
 resetMalBlk(cntxt->curprg->def, oldstop);
- freeVariables(cntxt,cntxt->curprg->def, cntxt->glb, oldvtop);
+ freeVariables(cntxt,cntxt->curprg->def, NULL, oldvtop);
 }
 assert(cntxt->glb == 0 || cntxt->glb == oldglb); /* detect leak */
 cntxt->glb = oldglb;
diff --git a/sql/backends/monet5/sql_scenario.c b/sql/backends/monet5/sql_scenario.c
--- a/sql/backends/monet5/sql_scenario.c
+++ b/sql/backends/monet5/sql_scenario.c
@@ -1208,7 +1208,7 @@ SQLstatementIntern(Client c, str *expr,
 sql->out = NULL; /* no output */
 msg = runMAL(c, mb, 0, 0);
 MSresetInstructions(mb, oldstop);
- freeVariables(c, mb, c->glb, oldvtop);
+ freeVariables(c, mb, NULL, oldvtop);
 }
 sqlcleanup(m, 0);
 if (!execute) {
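Review bot: The new `freeVariables(c, c->curprg->def, NULL, j->vtop);` in the JAQLengine hunk is only correct because the preceding runMAL was handed a NULL stack and built its own, a dependency that the commit message explains but the call site does not, so a later reader is likely to "restore" `c->glb` and reintroduce the out-of-bounds access the message describes. Add a one-line comment above each changed call, e.g. `/* runMAL() ran on its own stack (NULL 4th arg); c->glb was never sized for this program, so pass NULL here */`. The same applies to the RAstatement hunk in sql.mx, the SQLstatementIntern hunk, and both cleanup_engine hunks in sql_scenario.c. In the jaqlscenario.c hunk the runMAL call is outside the hunk, and every enclosing function here starts outside its hunk. It would also be worth confirming that freeVariables treats a NULL stack as "nothing to release" rather than dereferencing it, since its definition is not in this diff.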
@@ -2101,7 +2101,7 @@ cleanup_engine:
 enum malexception type = getExceptionType(msg);
 if (type == OPTIMIZER) {
 MSresetInstructions(c->curprg->def, 1);
- freeVariables(c,c->curprg->def, c->glb, be->vtop);
+ freeVariables(c,c->curprg->def, NULL, be->vtop);
 be->language = oldlang;
 assert(c->glb == 0 || c->glb == oldglb); /* detect leak */
 c->glb = oldglb;
@@ -2138,7 +2138,7 @@ cleanup_engine:
 be->q = NULL;
 sqlcleanup(be->mvc, (!msg)?0:-1);
 MSresetInstructions(c->curprg->def, 1);
- freeVariables(c,c->curprg->def, c->glb, be->vtop);
+ freeVariables(c,c->curprg->def, NULL, be->vtop);
 be->language = oldlang;
 /*
 * Any error encountered during execution should block further processing
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
http://mail.monetdb.org/mailman/listinfo/checkin-list
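Review bot: In the first cleanup_engine hunk the only guard that the changed `freeVariables(c,c->curprg->def, NULL, be->vtop);` path has not left a stray stack behind is `assert(c->glb == 0 || c->glb == oldglb); /* detect leak */`, which is compiled out under NDEBUG, so a release build silently overwrites a leaked `c->glb` with `oldglb` on the following line. Since this commit exists precisely because the old and fresh stacks were being confused, consider making the mismatch visible in release builds too, e.g. logging it before the `c->glb = oldglb;` assignment rather than relying on assert alone; the same holds wherever this assert/assign pair follows a changed call in the other hunks. The second cleanup_engine hunk (at 2138) ends before its own leak check, so whether it has one cannot be seen here.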