From 99e414cacd063550d576cb9b1acac503157a3bce Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Sun, 24 Mar 2019 15:13:21 -0400
Subject: [PATCH] Avoid double-free in vacuumlo error path.

The code would do "PQclear(res)" twice if lo_unlink failed, evidently due to careless thinking about how far out a "break" would break. Remove the extra PQclear and adjust the loop logic so that we'll fall out of both levels of loop after an error, as was clearly the intent. Spotted by Coverity. I have no idea why it took this long to notice, since the bug has been there since commit 67ccbb080. Accordingly, back-patch to all supported branches.
---
 contrib/vacuumlo/vacuumlo.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c
index 10daa85445..324c8dc073 100644
--- a/contrib/vacuumlo/vacuumlo.c
+++ b/contrib/vacuumlo/vacuumlo.c
@@ -302,7 +302,7 @@ vacuumlo(const char *database, const struct _param * param)
 deleted = 0;
- while (1)
+ do
 {
 res = PQexec(conn, buf);
 if (PQresultStatus(res) != PGRES_TUPLES_OK)
@@ -340,8 +340,7 @@ vacuumlo(const char *database, const struct _param * param)
 if (PQtransactionStatus(conn) == PQTRANS_INERROR)
 {
 success = false;
- PQclear(res);
- break;
+ break; /* out of inner for-loop */
 }
 }
 else
@@ -379,7 +378,7 @@ vacuumlo(const char *database, const struct _param * param)
 }
 PQclear(res);
- }
+ } while (success);
 /*
 * That's all folks!
-- 
2.50.0
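Review bot: The new comment on `break` says which loop is left but not who now frees `res`, which is the fact the old code got wrong. I would extend it to `break;		/* out of inner for-loop; res is cleared at the bottom of the outer loop */`. That release is the `PQclear(res);` visible in the last hunk, and the `while (success)` test there is what ends the outer loop. The inner for-loop header and the lo_unlink call are outside this hunk, so the assumption that nothing between this `break` and that `PQclear` touches `res` again should be checked against the full function.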
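Review bot: `res` keeps its old pointer value after `PQclear(res);` in the last hunk, so once `while (success)` exits, any later `PQclear(res)` or read of `res` would touch freed memory again. Adding `res = NULL;` directly after the call makes a repeated clear harmless, because PQclear returns immediately for a NULL result. The code after the loop is outside the hunk, so whether `res` is reused there cannot be seen from here. The same treatment would apply to any other exit path of this loop that clears `res` before leaving.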