From: Alvaro Herrera Date: Fri, 30 Jun 2006 15:06:16 +0000 (+0000) Subject: Fix use-after-free error reported by Neil Conway. X-Git-Url: http://waps.l3s.uni-hannover.de/gitweb/?a=commitdiff_plain;h=c69fa593d872ce264ae7adf0cc2000030107535d;p=users%2Fbernd%2Fpostgres.git Fix use-after-free error reported by Neil Conway. --- diff --git a/src/bin/psql/common.c b/src/bin/psql/common.c index 15aef5e0ab..e9530c70fe 100644 --- a/src/bin/psql/common.c +++ b/src/bin/psql/common.c @@ -1067,19 +1067,19 @@ SendQuery(const char *query) if (OK) OK = PrintQueryResults(results); - PQclear(results); - /* If we made a temporary savepoint, possibly release/rollback */ if (on_error_rollback_savepoint) { + PGresult *svptres; + transaction_status = PQtransactionStatus(pset.db); /* We always rollback on an error */ if (transaction_status == PQTRANS_INERROR) - results = PQexec(pset.db, "ROLLBACK TO pg_psql_temporary_savepoint"); + svptres = PQexec(pset.db, "ROLLBACK TO pg_psql_temporary_savepoint"); /* If they are no longer in a transaction, then do nothing */ else if (transaction_status != PQTRANS_INTRANS) - results = NULL; + svptres = NULL; else { /* @@ -1090,20 +1090,22 @@ SendQuery(const char *query) if (strcmp(PQcmdStatus(results), "SAVEPOINT") == 0 || strcmp(PQcmdStatus(results), "RELEASE") == 0 || strcmp(PQcmdStatus(results), "ROLLBACK") == 0) - results = NULL; + svptres = NULL; else - results = PQexec(pset.db, "RELEASE pg_psql_temporary_savepoint"); + svptres = PQexec(pset.db, "RELEASE pg_psql_temporary_savepoint"); } - if (PQresultStatus(results) != PGRES_COMMAND_OK) + if (svptres && PQresultStatus(svptres) != PGRES_COMMAND_OK) { psql_error("%s", PQerrorMessage(pset.db)); PQclear(results); + PQclear(svptres); ResetCancelConn(); return false; } - PQclear(results); } + PQclear(results); + /* Possible microtiming output */ if (OK && pset.timing) printf(_("Time: %.3f ms\n"), DIFF_MSEC(&after, &before));