From c410fcef85e6d1c19a5c17537ef14a896880fb20 Mon Sep 17 00:00:00 2001
From: Tatsuo Ishii
Date: Sun, 15 Sep 2019 22:39:18 +0900
Subject: [PATCH] Fix segfault in certain case.

The scenario is something like: 1) a named statement is created. 2) DEALLOCATE removes it. 3) an erroneous query is executed. In #2, "sent message" for the named statement is removed but "uncompleted_message" is left. Then after #3, in ReadyForQuery() uncompleted_message is added and removed. However, storage for the uncompleted_message has been already freed in #2, and it causes a segfault. Fix is, in SimpleQuery() set NULL to uncompleted_message if it's not PREPARE command so that ReadyForQuery() does not try to remove the already removed message. Per bug 546. Here is a minimum test case. 'P' "_plan0x7f2d465db530" "SELECT 1" 0 'S' 'Y' 'Q' "DEALLOCATE _plan0x7f2d465db530" 'Y' 'Q' "CREATE INDEX users_auth_id_index ON non_existing_table ( auth_id )" 'Y' 'X'
---
 src/protocol/pool_proto_modules.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/protocol/pool_proto_modules.c b/src/protocol/pool_proto_modules.c
index deb01f4ee..eb2ae9dfe 100644
--- a/src/protocol/pool_proto_modules.c
+++ b/src/protocol/pool_proto_modules.c
@@ -604,6 +604,8 @@ SimpleQuery(POOL_CONNECTION * frontend,
 query_context);
 session_context->uncompleted_message = msg;
 }
+ else
+ session_context->uncompleted_message = NULL;
 }
-- 
2.39.5
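Review bot: The added `else` clears the stale pointer only on the simple-query path, so between the DEALLOCATE that frees the sent message and the next 'Q' message `session_context->uncompleted_message` still points at freed storage, and any other path that dereferences it in that window would hit the same use-after-free the commit describes. Resetting `session_context->uncompleted_message = NULL` at the point where the sent message is removed and freed would close the dangling reference at the owner rather than relying on each consumer to clean up; that code is not in the hunk, so this is inferred from the commit description. The new branch deserves a why-comment, e.g. `/* not a PREPARE: drop any reference left by a removed named statement so ReadyForQuery() does not touch freed storage */`, and for consistency with the braced `if` above, brace the `else` body as well. The enclosing `if`'s condition and the rest of SimpleQuery lie outside the hunk.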