Changeset: ebaed1607496 for MonetDB
URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=ebaed1607496
Modified Files:
monetdb5/extras/jaql/jaqlscenario.c
sql/backends/monet5/sql.mx
sql/backends/monet5/sql_scenario.c
Branch: Feb2013
Log Message:
Don't free variables on stack that wasn't used during execution.
Before the calls to freeVariables that are changed here, a call to
runMAL is done with a NULL fourth parameter. That NULL causes runMAL
to allocate and later free a fresh "glb" stack. This means that the
old "glb" stack is not involved in execution, and should therefore not
be freed. What's worse, the old stack may not be large enough, so
that freeVariables could cause out-of-bounds reads and writes with
potentially a crash as the end result.
(grafted from b5e67bbe18c8a9ae15a1723a3d0b1b61d9bdd856)
diffs (54 lines):
diff --git a/monetdb5/extras/jaql/jaqlscenario.c
b/monetdb5/extras/jaql/jaqlscenario.c
--- a/monetdb5/extras/jaql/jaqlscenario.c
+++ b/monetdb5/extras/jaql/jaqlscenario.c
@@ -318,7 +318,7 @@ JAQLengine(Client c)
}
MSresetInstructions(c->curprg->def, 1);
- freeVariables(c, c->curprg->def, c->glb, j->vtop);
+ freeVariables(c, c->curprg->def, NULL, j->vtop);
assert(c->glb == 0 || c->glb == oldglb); /* detect leak */
c->glb = oldglb;
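Review bot: The only guard on `c->glb` after the cleanup is the context line `assert(c->glb == 0 || c->glb == oldglb);`, which is compiled out under NDEBUG, so in a release build a stray stack left in `c->glb` would be overwritten by `c->glb = oldglb` and leaked without any trace. Consider a runtime check ahead of the assignment, for example `if (c->glb && c->glb != oldglb) { /* report and release the stray stack */ }`. The same assert-then-overwrite pattern appears in the sql.mx hunk and in the sql_scenario.c hunk at -1976. JAQLengine starts and ends outside the hunk.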
diff --git a/sql/backends/monet5/sql.mx b/sql/backends/monet5/sql.mx
--- a/sql/backends/monet5/sql.mx
+++ b/sql/backends/monet5/sql.mx
@@ -7840,7 +7840,7 @@ RAstatement(Client cntxt, MalBlkPtr mb,
msg = (str) runMAL(cntxt, cntxt->curprg->def, 0, 0);
if (!msg) {
resetMalBlk(cntxt->curprg->def, oldstop);
- freeVariables(cntxt,cntxt->curprg->def, cntxt->glb,
oldvtop);
+ freeVariables(cntxt,cntxt->curprg->def, NULL, oldvtop);
}
assert(cntxt->glb == 0 || cntxt->glb == oldglb); /* detect leak
*/
cntxt->glb = oldglb;
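Review bot: On the error path the cleanup is skipped entirely: `resetMalBlk` and `freeVariables` run only inside `if (!msg)`, so when runMAL returns a message the instructions and variables added past `oldstop`/`oldvtop` appear to stay in `cntxt->curprg->def`. The -1084 hunk in sql_scenario.c performs the equivalent reset and free regardless of `msg`. Unless the failure case is cleaned up elsewhere in RAstatement (its body extends outside the hunk), moving both calls out of the conditional would keep the two paths consistent.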
diff --git a/sql/backends/monet5/sql_scenario.c
b/sql/backends/monet5/sql_scenario.c
--- a/sql/backends/monet5/sql_scenario.c
+++ b/sql/backends/monet5/sql_scenario.c
@@ -1084,7 +1084,7 @@ SQLstatementIntern(Client c, str *expr,
sql->out = NULL; /* no output */
msg = (str) runMAL(c, c->curprg->def, 0, 0);
MSresetInstructions(c->curprg->def, oldstop);
- freeVariables(c,c->curprg->def, c->glb, oldvtop);
+ freeVariables(c,c->curprg->def, NULL, oldvtop);
}
sqlcleanup(m, 0);
if (!execute) {
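Review bot: The `NULL` passed to freeVariables is only correct because the `runMAL(c, c->curprg->def, 0, 0)` call two lines above passes a null stack, and nothing at the call site records that dependency. A comment on the freeVariables line such as `/* runMAL ran on its own stack (4th arg 0), so c->glb holds nothing to clean */` would stop a later change to the runMAL argument from silently reintroducing a mismatch. freeVariables' definition is not part of this diff, so confirm that it checks the stack pointer before indexing into it. The same comment applies to the other four call sites changed in this commit. SQLstatementIntern starts and ends outside the hunk.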
@@ -1976,7 +1976,7 @@ cleanup_engine:
enum malexception type = getExceptionType(msg);
if (type == OPTIMIZER) {
MSresetInstructions(c->curprg->def, 1);
- freeVariables(c,c->curprg->def, c->glb, be->vtop);
+ freeVariables(c,c->curprg->def, NULL, be->vtop);
be->language = oldlang;
assert(c->glb == 0 || c->glb == oldglb); /* detect leak
*/
c->glb = oldglb;
@@ -2012,7 +2012,7 @@ cleanup_engine:
be->q = NULL;
sqlcleanup(be->mvc, (!msg)?0:-1);
MSresetInstructions(c->curprg->def, 1);
- freeVariables(c,c->curprg->def, c->glb, be->vtop);
+ freeVariables(c,c->curprg->def, NULL, be->vtop);
be->language = oldlang;
/*
* Any error encountered during execution should block further
processing