On Thu, Jul 17, 2014 at 10:04 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> arthur.j.odwyer@gmail.com writes:
>> When MALLOC fails, pg_regcomp leaks memory in at least two places:
>
>> (A) In freev(), the line
>> freesubre(info, v, v->tree);
>> should be
>> freesubre(info, NULL, v->tree);
>> as otherwise the "freed" subres will end up on v->treefree, which is leaked
>> by the cleanst() two lines later.
>
> Hmm ... what version of the code are you looking at exactly? There's no
> "info" argument here in Postgres.
Ah, yes, we piped an "info" argument through all the places that call
MALLOC/FREE, so that compiling a regex wouldn't have to touch global
state. You can safely pretend I didn't write "info," there.
>> That is, given the precondition that there are things in v->tree that aren't
>> in v->treechain.
>
> The problem with this proposal is that if there are subres in v->tree
> that *are* in the treechain, we'll possibly try to free them twice
> (if they're not marked INUSE), and definitely will be accessing
> already-freed memory when cleanst looks at them.
Hmm. I think you're right --- I *think* the subres in v->tree are
INUSE by definition, so double-free isn't an issue, but cleanst will
definitely be looking at them after they've been freed, which is still
a bug. What if you just swap the order that freev() does cleanst() and
freesubre() so that the cleanst() happens first?
> It looks to me like there are two different operating regimes in this
> code: one where all the subres are still in the treechain, and one where
> we've marked as INUSE all the ones that are reachable from v->tree and
> garbage-collected the rest. The markst/cleanst steps in pg_regcomp are
> where the conversion is made. freev needs to work correctly either
> before or after that.
>
> In short, I think you're right that there's a bug here, but this is
> not a good fix for it. I'm not sure freev has enough info to do the
> right thing; we may need to rethink the data structure invariants,
> so that there's not two different ways to clean up.
Please keep me cc'ed and/or send me an email when there's an
"official" patch for this leak.
Thanks,
Arthur