Changeset: 6a3ce3f7d0d3 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=6a3ce3f7d0d3
Modified Files:
        common/stream/stream.c
        monetdb5/mal/mal.c
        monetdb5/mal/mal_import.c
        sql/backends/monet5/UDF/pyapi/type_conversion.c
        sql/backends/monet5/sql_execute.c
        sql/server/rel_updates.c
Branch: malerrors
Log Message:

leaks, memory overwrites, out of bounds reads


diffs (truncated from 316 to 300 lines):

diff --git a/common/stream/stream.c b/common/stream/stream.c
--- a/common/stream/stream.c
+++ b/common/stream/stream.c
@@ -5518,16 +5518,26 @@ stream_fwf_read(stream *s, void *buf, si
 static void
 stream_fwf_close(stream *s)
 {
-       if (strcmp(s->name, STREAM_FWF_NAME) == 0) {
+       if (strcmp(s->name, STREAM_FWF_NAME) == 0 && s->stream_data.p) {
                stream_fwf_data *fsd = (stream_fwf_data*) s->stream_data.p;
                mnstr_close(fsd->s);
+               mnstr_destroy(fsd->s);
                free(fsd->widths);
                free(fsd->in_buf);
                free(fsd->out_buf);
                free(fsd->nl_buf);
                free(fsd);
-       }
-       // FIXME destroy(s);
+               s->stream_data.p = NULL;
+       }
+}
+
+static void
+stream_fwf_destroy(stream *s)
+{
+       if (s) {
+               stream_fwf_close(s);
+               destroy(s);
+       }
 }
 
 stream*
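Review bot: stream_fwf_close() now destroys the wrapped stream `fsd->s` and frees `fsd->widths`, but nothing in the hunk says that the fwf stream owns both. A caller that still closes or destroys the stream it handed to stream_fwf_create() after closing the wrapper would release it twice, so the contract deserves a comment above the function, for example `/* closes and destroys the wrapped stream and frees widths; the caller must not use either afterwards */`. stream_fwf_close() also reads `s->name` before any NULL test, while the new stream_fwf_destroy() guards `s`; if close can be reached directly with a NULL stream, the guard belongs there as well.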
@@ -5549,12 +5559,16 @@ stream_fwf_create (stream *s, size_t num
        }
        fsd->in_buf = malloc(fsd->line_len);
        if (!fsd->in_buf) {
+               mnstr_close(fsd->s);
+               mnstr_destroy(fsd->s);
                free(fsd);
                return NULL;
        }
        out_buf_len = fsd->line_len * 3;
        fsd->out_buf = malloc(out_buf_len);
        if (!fsd->out_buf) {
+               mnstr_close(fsd->s);
+               mnstr_destroy(fsd->s);
                free(fsd->in_buf);
                free(fsd);
                return NULL;
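Review bot: A NULL return from stream_fwf_create() now means the caller's stream has already been closed and destroyed, and that change of contract is not documented anywhere in the visible code. The added `mnstr_close(fsd->s); mnstr_destroy(fsd->s);` pairs cover the four failure paths shown here and in the next hunk (the `nl_buf` and `create_stream` failures), but the function starts outside the hunk, so any earlier failure return should be checked to release `s` the same way; otherwise a caller cannot tell whether it still owns the stream. `fsd->widths` is freed by stream_fwf_close() on success but by none of these paths, so its ownership on failure should be stated too. A comment on the function such as `/* on failure s is closed and destroyed; the caller must not use it again */` would make this explicit.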
@@ -5562,12 +5576,16 @@ stream_fwf_create (stream *s, size_t num
        fsd->out_buf_remaining = 0;
        fsd->nl_buf = malloc(1);
        if (!fsd->nl_buf) {
+               mnstr_close(fsd->s);
+               mnstr_destroy(fsd->s);
                free(fsd->in_buf);
                free(fsd->out_buf);
                free(fsd);
                return NULL;
        }
        if ((ns = create_stream(STREAM_FWF_NAME)) == NULL) {
+               mnstr_close(fsd->s);
+               mnstr_destroy(fsd->s);
                free(fsd->in_buf);
                free(fsd->out_buf);
                free(fsd->nl_buf);
@@ -5580,6 +5598,7 @@ stream_fwf_create (stream *s, size_t num
        ns->flush = NULL;
        ns->access = ST_READ;
        ns->stream_data.p = fsd;
+       ns->destroy = stream_fwf_destroy;
        return ns;
 }
 
diff --git a/monetdb5/mal/mal.c b/monetdb5/mal/mal.c
--- a/monetdb5/mal/mal.c
+++ b/monetdb5/mal/mal.c
@@ -171,7 +171,7 @@ void mserver_reset(int exit)
        mal_linker_reset();
        mal_resource_reset();
        mal_runtime_reset();
-       mal_module_reset();
+       //mal_module_reset();
        mal_atom_reset();
        mdbExit();
        GDKfree(mal_session_uuid);
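Review bot: `mal_module_reset()` is disabled by commenting it out in mserver_reset(), with no reason given in the code or in the log message. Skipping the reset presumably works around a crash or double free during shutdown, but it also means whatever the module tables hold is no longer released here, which runs against a commit that is about leaks. If the call has to stay disabled, replace the dead line with a comment that records why, e.g. `/* mal_module_reset() skipped: <reason>; re-enable once fixed */`; otherwise fix the underlying problem and keep the call.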
diff --git a/monetdb5/mal/mal_import.c b/monetdb5/mal/mal_import.c
--- a/monetdb5/mal/mal_import.c
+++ b/monetdb5/mal/mal_import.c
@@ -233,7 +233,8 @@ malInclude(Client c, str name, int listi
  */
 str
 evalFile(str fname, int listing)
-{      Client c;
+{      
+       Client c;
        stream *fd;
        str filename;
        str msg = MAL_SUCCEED;
@@ -257,13 +258,14 @@ evalFile(str fname, int listing)
        c->promptlength = 0;
        c->listing = listing;
 
-    if ( (msg = defaultScenario(c)) ) {
+       if ( (msg = defaultScenario(c)) ) {
                MCcloseClient(c);
                throw(MAL,"mal.eval","%s",msg);
        }
        MSinitClientPrg(c, "user", "main");
 
        msg = runScenario(c,0);
+       MCcloseClient(c);
        return msg;
 }
 
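Review bot: The early-exit path at `throw(MAL,"mal.eval","%s",msg);` still looks like a leak, because it formats the message returned by defaultScenario() into a new exception and then drops the original `msg` without freeing it (presumably the message is heap-allocated, as MAL exceptions usually are). Returning it directly, `MCcloseClient(c); return msg;`, avoids both the copy and the leak. evalFile() starts outside the hunk, so whether `fd` and `filename` are released on both exits cannot be checked from here.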
diff --git a/sql/backends/monet5/UDF/pyapi/type_conversion.c 
b/sql/backends/monet5/UDF/pyapi/type_conversion.c
--- a/sql/backends/monet5/UDF/pyapi/type_conversion.c
+++ b/sql/backends/monet5/UDF/pyapi/type_conversion.c
@@ -25,14 +25,14 @@
 bool string_copy(char *source, char *dest, size_t max_size, bool allow_unicode)
 {
        size_t i;
-       for (i = 0; i < max_size; i++) {
+       for (i = 0; i < max_size-1; i++) {
                dest[i] = source[i];
                if (dest[i] == 0)
                        return TRUE;
                if (!allow_unicode && source[i] & 0x80)
                        return FALSE;
        }
-       dest[max_size] = '\0';
+       dest[max_size-1] = '\0';
        return TRUE;
 }
 
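Review bot: `max_size-1` wraps to SIZE_MAX when `max_size` is 0, so the loop becomes unbounded and the final store lands far outside `dest`. Add `if (max_size == 0) return FALSE;` before the loop. The `return FALSE` taken on a high-bit byte also leaves `dest` without a terminator after that byte has already been copied; testing `source[i]` before the store and writing `dest[i] = '\0'` on that path would keep the buffer a valid string for callers that inspect it after a failure.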
@@ -83,6 +83,7 @@ str pyobject_to_str(PyObject **ptr, size
        PyObject *obj;
        str msg = MAL_SUCCEED;
        str utf8_string = NULL;
+       size_t len = 0;
 
        (void)maxsize;
 
@@ -94,7 +95,7 @@ str pyobject_to_str(PyObject **ptr, size
 
        utf8_string = *value;
        if (!utf8_string) {
-               utf8_string = (str)malloc(pyobject_get_size(obj) * 
sizeof(char));
+               utf8_string = (str)malloc(len = (pyobject_get_size(obj) * 
sizeof(char)));
                if (!utf8_string) {
                        msg = createException(MAL, "pyapi.eval",
                                                                  "SQLSTATE 
HY001 !"MAL_MALLOC_FAIL "python string");
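Review bot: `len` is assigned only inside the `if (!utf8_string)` branch, so when the caller supplies a buffer through `*value` it stays 0 and every `string_copy(str, utf8_string, len, ...)` call in the three hunks below receives a zero bound. With the new `max_size-1` loop limit in string_copy() that bound wraps, and the copy runs to the source terminator regardless of how large the destination is. `maxsize` is still discarded by `(void)maxsize;` a few lines above; it looks like the intended bound for the caller-supplied case, e.g. `len = utf8_string ? maxsize : pyobject_get_size(obj);`, though that needs confirming against the callers. Whether pyobject_get_size() counts the terminator is not visible here; if it does not, the copy now drops the last character of the string.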
@@ -106,7 +107,7 @@ str pyobject_to_str(PyObject **ptr, size
 #ifndef IS_PY3K
        if (PyString_CheckExact(obj)) {
                char *str = ((PyStringObject *)obj)->ob_sval;
-               if (!string_copy(str, utf8_string, strlen(str) + 1, false)) {
+               if (!string_copy(str, utf8_string, len, false)) {
                        msg = createException(MAL, "pyapi.eval",
                                                                  "SQLSTATE 
PY000 !""Invalid string encoding used. Please return "
                                                                  "a regular 
ASCII string, or a Numpy_Unicode "
@@ -117,7 +118,7 @@ str pyobject_to_str(PyObject **ptr, size
 #endif
                if (PyByteArray_CheckExact(obj)) {
                char *str = ((PyByteArrayObject *)obj)->ob_bytes;
-               if (!string_copy(str, utf8_string, strlen(str) + 1, false)) {
+               if (!string_copy(str, utf8_string, len, false)) {
                        msg = createException(MAL, "pyapi.eval",
                                                                  "SQLSTATE 
PY000 !""Invalid string encoding used. Please return "
                                                                  "a regular 
ASCII string, or a Numpy_Unicode "
@@ -134,7 +135,7 @@ str pyobject_to_str(PyObject **ptr, size
 #endif
 #else
                char *str = PyUnicode_AsUTF8(obj);
-               if (!string_copy(str, utf8_string, strlen(str) + 1, true)) {
+               if (!string_copy(str, utf8_string, len, true)) {
                        msg = createException(MAL, "pyapi.eval",
                                                                  "SQLSTATE 
PY000 !""Invalid string encoding used. Please return "
                                                                  "a regular 
ASCII string, or a Numpy_Unicode "
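Review bot: `PyUnicode_AsUTF8(obj)` can return NULL when the conversion fails, and the result goes straight into string_copy(), which reads `source[i]` without checking the pointer. Test `str` first and, when it is NULL, set `msg` with createException() and take the function's existing error exit instead of copying. The rest of pyobject_to_str() lies outside the hunk, so the name of that exit path is not visible here.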
diff --git a/sql/backends/monet5/sql_execute.c 
b/sql/backends/monet5/sql_execute.c
--- a/sql/backends/monet5/sql_execute.c
+++ b/sql/backends/monet5/sql_execute.c
@@ -267,7 +267,8 @@ SQLexecutePrepared(Client c, backend *be
 }
 
 static str
-SQLrun(Client c, backend *be, mvc *m){
+SQLrun(Client c, backend *be, mvc *m)
+{
        str msg= MAL_SUCCEED;
        MalBlkPtr mc = 0, mb=c->curprg->def;
        InstrPtr p=0;
@@ -495,7 +496,6 @@ SQLstatementIntern(Client c, str *expr, 
        c->sqlcontext = sql;
        while (msg == MAL_SUCCEED && m->scanner.rs->pos < m->scanner.rs->len) {
                sql_rel *r;
-               MalStkPtr oldglb = c->glb;
 
                if (!m->sa)
                        m->sa = sa_create();
@@ -516,8 +516,6 @@ SQLstatementIntern(Client c, str *expr, 
                        execute = 0;
                        if (!err)
                                continue;
-                       assert(c->glb == 0 || c->glb == oldglb);        /* 
detect leak */
-                       c->glb = oldglb;
                        goto endofcompile;
                }
 
@@ -549,8 +547,6 @@ SQLstatementIntern(Client c, str *expr, 
                        freeVariables(c, c->curprg->def, c->glb, oldvtop);
 
                        c->curprg->def->errors = 0;
-                       assert(c->glb == 0 || c->glb == oldglb);        /* 
detect leak */
-                       c->glb = oldglb;
                        goto endofcompile;
                }
                /* generate MAL code */
@@ -565,11 +561,9 @@ SQLstatementIntern(Client c, str *expr, 
                mnstr_printf(c->fdout, "#SQLstatement:post-compile\n");
                printFunction(c->fdout, c->curprg->def, 0, LIST_MAL_NAME | 
LIST_MAL_VALUE  |  LIST_MAL_MAPI);
 #endif
-               msg =SQLoptimizeFunction(c, c->curprg->def);
-               if( msg)
-                       goto endofcompile;
+               msg = SQLoptimizeFunction(c, c->curprg->def);
 
-               if (err ||c->curprg->def->errors) {
+               if (err || c->curprg->def->errors || msg) {
                        /* restore the state */
                        MSresetInstructions(c->curprg->def, oldstop);
                        freeVariables(c, c->curprg->def, c->glb, oldvtop);
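Review bot: An error message from SQLoptimizeFunction() can now reach the `msg = createException(PARSE, "SQLparser", ...)` assignment inside the restore-state block (visible in the next hunk) and be overwritten without being freed. Folding `msg` into `if (err || c->curprg->def->errors || msg)` is what routes it there; before this change the optimizer failure jumped straight to `endofcompile`. The lines between the two hunks are not shown, so it cannot be confirmed that the assignment is guarded; the condition around it should read something like `if (msg == NULL && *m->errstr)`.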
@@ -581,8 +575,6 @@ SQLstatementIntern(Client c, str *expr, 
                                        msg = createException(PARSE, 
"SQLparser", "SQLSTATE 42000 !""%s", m->errstr);
                                *m->errstr = 0;
                        }
-                       assert(c->glb == 0 || c->glb == oldglb);        /* 
detect leak */
-                       c->glb = oldglb;
                        goto endofcompile;
                }
 #ifdef _SQL_COMPILE
@@ -637,16 +629,11 @@ SQLstatementIntern(Client c, str *expr, 
                }
 
                if (!execute) {
-                       assert(c->glb == 0 || c->glb == oldglb);        /* 
detect leak */
-                       c->glb = oldglb;
                        goto endofcompile;
                }
 #ifdef _SQL_COMPILE
                mnstr_printf(c->fdout, "#parse/execute result %d\n", err);
 #endif
-               assert(c->glb == 0 || c->glb == oldglb || (c->glb && oldglb == 
0));     /* detect leak */
-               c->glb = oldglb;
-
        }
        if (m->results) {
                if (result) { /* return all results sets */
@@ -695,7 +682,6 @@ str
 SQLengineIntern(Client c, backend *be)
 {
        str msg = MAL_SUCCEED;
-       MalStkPtr oldglb = c->glb;
        char oldlang = be->language;
        mvc *m = be->mvc;
 
@@ -726,8 +712,6 @@ SQLengineIntern(Client c, backend *be)
        if (m->emode == m_prepare)
                goto cleanup_engine;
 
-       assert(c->glb == 0 || c->glb == oldglb);        /* detect leak */
-       c->glb = 0;
        be->language = 'D';
        /*
         * The code below is copied from MALengine, which handles execution
@@ -771,8 +755,6 @@ cleanup_engine:
         * Any error encountered during execution should block further 
processing
         * unless auto_commit has been set.
         */
-       assert(c->glb == 0 || c->glb == oldglb);        /* detect leak */
-       c->glb = oldglb;
        return msg;
 }
 
@@ -804,7 +786,6 @@ RAstatement(Client c, MalBlkPtr mb, MalS
        if (rel) {
                int oldvtop = c->curprg->def->vtop;
                int oldstop = c->curprg->def->stop;
-               MalStkPtr oldglb = c->glb;
 
                if (*opt)
                        rel = rel_optimizer(m, rel);
@@ -824,10 +805,7 @@ RAstatement(Client c, MalBlkPtr mb, MalS
                if (!msg) {
                        resetMalBlk(c->curprg->def, oldstop);
                        freeVariables(c, c->curprg->def, NULL, oldvtop);
-                       if( !(c->glb == 0 || c->glb == oldglb))
-                               msg= createException(MAL,"sql","global stack 
leakage"); /* detect leak */
                }