Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#883 closed Defect (fixed)

Use-after-free bug in db/db_base.cpp

Reported by: gombasg
Owned by: davea
Priority: Undetermined
Milestone: Undetermined
Component: Server - Other
Version: 6.6.20
Keywords:
Cc:

Description

Hi,

valgrind caught a use-after-free bug in db_base.cpp; patch is attached.

Attachments (1)

diff (416 bytes) - added by gombasg 16 years ago.

Change History (6)

Changed 16 years ago by gombasg

Attachment: diff added

comment:1 Changed 16 years ago by davea

Resolution: worksforme
Status: new → closed

The result is freed, not the row.

comment:2 Changed 16 years ago by Nicolas

Then where is BOINC calling the function that frees the row?

comment:3 Changed 16 years ago by davea

Rows are not dynamically allocated.

comment:4 Changed 16 years ago by Nicolas

A MYSQL_ROW is a typedef for char**; of course it's dynamically allocated. And even if it was a struct, MySQL API is C, not C++, so there wouldn't be any destructors that get called automatically.

comment:5 Changed 16 years ago by davea

Resolution: worksforme → fixed

(In [17904]) - DB code: fixed three places where we accessed a MYSQL_ROW after freeing the MYSQL_RES it came from. (this didn't appear to cause any problems, but not good form). Fixes #883
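
The ordering issue discussed in this ticket, as an added example that is not BOINC's code or the attached patch: a small C model in which the row pointer aliases storage owned by the result, so fields must be read before the result is freed. The toy_* types and functions and count_from_db are hypothetical stand-ins for MYSQL_RES, MYSQL_ROW and the MySQL client calls, and the sample row is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for MYSQL_RES / MYSQL_ROW; not the MySQL client API. */
typedef char **toy_row;
typedef struct { toy_row row; int nfields; int fetched; } toy_res;

/* Build a one-row result. Every field buffer is owned by the result. */
toy_res *toy_store_result(const char *const *fields, int n) {
    toy_res *r = malloc(sizeof *r);
    if (!r) return NULL;
    r->row = calloc((size_t)n, sizeof *r->row);
    if (!r->row) { free(r); return NULL; }
    for (int i = 0; i < n; i++) {
        r->row[i] = malloc(strlen(fields[i]) + 1);
        if (r->row[i]) strcpy(r->row[i], fields[i]);
    }
    r->nfields = n; r->fetched = 0;
    return r;
}

/* Hands out a pointer INTO the result (not a copy); NULL after the first call. */
toy_row toy_fetch_row(toy_res *r) {
    return r->fetched++ ? NULL : r->row;
}

/* Releases the row storage too: any toy_row obtained earlier now dangles. */
void toy_free_result(toy_res *r) {
    for (int i = 0; i < r->nfields; i++) free(r->row[i]);
    free(r->row);
    free(r);
}

/* Safe ordering: read what is needed from the row, then free the result. */
long count_from_db(const char *const *fields, int n) {
    toy_res *rp = toy_store_result(fields, n);
    if (!rp) return -1;
    toy_row row = toy_fetch_row(rp);
    long count = (row && row[0]) ? strtol(row[0], NULL, 10) : -1;
    toy_free_result(rp);  /* swapping this line with the one above is the bug */
    return count;
}

int main(void) {
    const char *const fields[] = {"42", "example"};  /* constructed sample row */
    printf("count = %ld\n", count_from_db(fields, 2));
    return 0;
}
```

Building this with the free and the read swapped and running it under valgrind or AddressSanitizer reports the invalid read, even though the program may otherwise appear to work.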