Fix "unable to bind. cannot get parse message" error.
author    Tatsuo Ishii <ishii@sraoss.co.jp>
          Fri, 9 Aug 2019 08:04:28 +0000 (17:04 +0900)
committer Tatsuo Ishii <ishii@sraoss.co.jp>
          Fri, 9 Aug 2019 08:04:28 +0000 (17:04 +0900)
This was caused by a too-eager memory free in parse_before_bind. It
called the
pool_remove_sent_message/pool_create_sent_message/pool_add_sent_message
combo to replace the query context in the sent message. Unfortunately
pool_remove_sent_message frees memory such as the statement name, which was
being passed in by the caller. As a result, the new sent message created by
pool_create_sent_message pointed to the freed statement name, which may
make a search by statement name fail because now the statement name in
the sent message points to a freed memory area, which might be
overwritten by a later memory allocation. The fix is, instead of calling
pool_remove_sent_message etc., to just replace the query context in the
sent message.

Per bug 531.

src/protocol/pool_proto_modules.c

index fb779486da5ea0b809075d211a726586c93bce02..f69855842ae30b5f48e7b92558932462ca0ee108 100644 (file)
@@ -3462,11 +3462,19 @@ static POOL_STATUS parse_before_bind(POOL_CONNECTION * frontend,
                        /* Replace the query context of bind message */
                        bind_message->query_context = new_qc;
 
+#ifdef NOT_USED
+                       /*
+                        * XXX  pool_remove_sent_message() will pfree memory allocated by "contents".
+                        */
+
                        /* Remove old sent message */
                        pool_remove_sent_message('P', contents);
                        /* Create and add sent message of this parse message */
                        msg = pool_create_sent_message('P', len, contents, 0, contents, new_qc);
                        pool_add_sent_message(msg);
+#endif
+                       /* Replace the query context of parse message */
+                       message->query_context = new_qc;
 
                        return POOL_CONTINUE;
                }
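Review bot: The previous value of `message->query_context` is overwritten by `message->query_context = new_qc;` without being released or otherwise accounted for; since the old path removed the whole sent message (and presumably its query context) via `pool_remove_sent_message('P', contents);`, please confirm the old query context is either owned by a memory context that is reset elsewhere or freed here, or this fix trades a use-after-free for a leak on every parse-before-bind. Two smaller points: wrapping the old remove/create/add sequence in `#ifdef NOT_USED` leaves dead code in the function (the `XXX` comment already records why it was wrong, so deleting the block and keeping the comment would be clearer), and with that block disabled the `msg` variable assigned by `pool_create_sent_message(...)` is likely now set-but-unused in this function and will warn on stricter builds; the `XXX` comment would also read better as "pfree the memory pointed to by contents (the statement name), which belongs to the caller" rather than "memory allocated by contents".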