RPM Package Manager, CVS Repository
  http://rpm5.org/cvs/
  ____________________________________________________________________________

  Server: rpm5.org                         Name:   Jeff Johnson
  Root:   /v/rpm/cvs                       Email:  j...@rpm5.org
  Module: rpm                              Date:   09-May-2012 00:28:02
  Branch: rpm-5_4                          Handle: 2012050822280100

  Modified files:           (Branch: rpm-5_4)
    rpm/rpmdb               sqlite.c

  Log:
    - sqldb: fix: double free's in sql_close().

  Summary:
    Revision    Changes     Path
    1.44.4.13   +31 -66     rpm/rpmdb/sqlite.c
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: rpm/rpmdb/sqlite.c
  ============================================================================
  $ cvs diff -u -r1.44.4.12 -r1.44.4.13 sqlite.c
  --- rpm/rpmdb/sqlite.c        8 May 2012 17:22:29 -0000       1.44.4.12
  +++ rpm/rpmdb/sqlite.c        8 May 2012 22:28:01 -0000       1.44.4.13
  @@ -435,10 +435,15 @@
   dbg_scp(scp);
   #endif
   
  +#ifndef      DYING
       if (scp->cmd) {
        sqlite3_free(scp->cmd);
        scp->cmd = NULL;
       }
  +#else
  +    scp->cmd = _free(scp->cmd);
  +#endif
  +
       if (scp->pStmt) {
        xx = cvtdberr(NULL, "sqlite3_reset",
                sqlite3_reset(scp->pStmt));
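Review bot: The `#else` branch added here releases `scp->cmd` with `_free()`, but later hunks show `scp->cmd` being filled by `sqlite3_mprintf()`, and SQLite requires such strings to be released with `sqlite3_free()`. If `_free()` is the usual wrapper around libc `free()` (its definition is not visible in this diff), a build with `DYING` defined passes a pointer from one allocator to the other, which can corrupt the heap when SQLite uses its own allocator or prefixes allocations with a size header. The same mismatch becomes unconditional in the hunk at -747, where the `sqlite3_free(errmsg)` branch is dropped and the `errmsg` returned by `sqlite3_exec()` is left to `errmsg = _free(errmsg);`, and it is already present in the context line `cmd = _free(cmd);` of the hunk at -1796. I would use `sqlite3_free()` at all three sites, e.g. `sqlite3_free(errmsg); errmsg = NULL;`. The enclosing function starts and ends outside this hunk.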
  @@ -459,6 +464,7 @@
   {
       SCP_t scp = (SCP_t) _scp;
   
  +SCPDEBUG(NULL, (stderr, "==> %s(%p)\n", __FUNCTION__, scp));
       scp = scpReset(scp);
       scp = scpResetKeys(scp);
       scp->av = _free(scp->av);
  @@ -747,14 +753,7 @@
                sqlite3_exec(sqlI, cmd, callback, context, &errmsg));
   
   SQLDBDEBUG(dbi, (stderr, "%s\n<-- %s(%p,%p(%p)) rc %d %s\n", cmd, 
__FUNCTION__, dbi, callback, context, rc, (errmsg ? errmsg : "")));
  -#ifndef      DYING   /* XXX needed? */
       errmsg = _free(errmsg);
  -#else
  -    if (errmsg) {
  -     sqlite3_free(errmsg);
  -     errmsg = NULL;
  -    }
  -#endif
       return rc;
   }
   
  @@ -1048,9 +1047,7 @@
       }
   
   exit:
  -
   SQLDBDEBUG(dbi, (stderr, "<-- %s(%p) rc %d\n", __FUNCTION__, dbi, rc));
  -
       return rc;
   }
   
  @@ -1080,7 +1077,6 @@
       scp = scpFree(scp);
   
   SQLDBDEBUG(dbi, (stderr, "<-- %s(%p,%p,0x%x) rc %d\n", __FUNCTION__, dbi, 
dbcursor, flags, rc));
  -
       return rc;
   }
   
  @@ -1098,15 +1094,6 @@
       int rc = 0;
   
       if (sql) {
  -     sqlite3 * sqlI = (sqlite3 *) sql->I;
  -     int xx;
  -
  -     xx = cvtdberr(dbi, "sqlite3_close",
  -             sqlite3_close(sqlI));
  -     sql->I = sqlI = NULL;
  -
  -     rpmlog(RPMLOG_DEBUG, D_("closed   table          %s\n"),
  -             dbi->dbi_subfile);
   
   #if defined(MAYBE) /* XXX should SQLite and BDB have different semantics? */
        if (dbi->dbi_temporary && !(dbi->dbi_eflags & DB_PRIVATE)) {
  @@ -1119,15 +1106,16 @@
        }
   #endif
   
  -     /* XXX different than Berkeley DB: privately allocated. */
  +     /* XXX different than Berkeley DB: dbi->dbi_db is allocated. */
        sql = rpmsqlFree(sql);
        dbi->dbi_db = sql = NULL;
   
  +     rpmlog(RPMLOG_DEBUG, D_("closed   table          %s\n"),
  +             dbi->dbi_subfile);
  +
       }
   
  -#ifdef       NOTYET  /* XXX FIXME: sql_close() double free */
  -    dbi = db3Free(dbi);
  -#endif
  +    (void) db3Free(dbi);
   
   SQLDBDEBUG(dbi, (stderr, "<-- %s(%p,0x%x) rc %d\n", __FUNCTION__, dbi, 
flags, rc));
       return rc;
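Review bot: `(void) db3Free(dbi);` now runs before the closing `SQLDBDEBUG(dbi, ...)` trace, so the trace receives a pointer that may already have been released. Whether the macro dereferences its first argument is not visible here, but if it does, this is a use-after-free on the close path that the commit is trying to make safe. The removed `dbi = db3Free(dbi);` form at least cleared the local. Moving the `SQLDBDEBUG(...)` line above the free, or writing `dbi = db3Free(dbi);` again, avoids it. The function's opening lines are outside this hunk.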
  @@ -1149,14 +1137,10 @@
   /*@=nestedextern -shadow @*/
   
       const char * urlfn = NULL;
  -    const char * root;
  -    const char * home;
  -    const char * dbhome;
  -    const char * dbfile;
  +    const char * dbhome = NULL;
       const char * dbfname = NULL;
       dbiIndex dbi = NULL;
       rpmsql sql = NULL;
  -    size_t len;
       int rc = -1;     /* assume failure */
       int xx;
   
  @@ -1171,31 +1155,19 @@
        goto exit;
   
      /* Get the prefix/root component and directory path */
  -    root = rpmdb->db_root;
  -    home = rpmdb->db_home;
  -
  -    dbi->dbi_root = root;
  -    dbi->dbi_home = home;
  -
  -    dbfile = tagName(dbi->dbi_rpmtag);
  -
  -    /* Use a copy of tagName for the file/table name(s). */
  -    {        
  -     char * t;
  -     len = strlen(dbfile);
  -     t = (char *) xcalloc(len + 1, sizeof(*t));
  -     (void) stpcpy( t, dbfile );
  -     dbi->dbi_file = t;
  -     dbi->dbi_subfile = t;
  +    dbi->dbi_root = xstrdup(rpmdb->db_root);
  +    dbi->dbi_home = xstrdup(rpmdb->db_home);
  +    {        const char * s = tagName(dbi->dbi_rpmtag);
  +     dbi->dbi_file = xstrdup(s);
  +     dbi->dbi_subfile = xstrdup(s);
       }
  -
       dbi->dbi_mode = O_RDWR;
   
       /*
        * Either the root or directory components may be a URL. Concatenate,
        * convert the URL to a path, and add the name of the file.
        */
  -    urlfn = rpmGenPath(NULL, home, NULL);
  +    urlfn = rpmGenPath(NULL, dbi->dbi_home, NULL);
       (void) urlPath(urlfn, &dbhome);
   
       /* Create the %{sqldb} directory if it doesn't exist. */
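Review bot: `xstrdup(rpmdb->db_root)` and `xstrdup(rpmdb->db_home)` now read through values the old code only copied as pointers, so a NULL root or home that previously passed through untouched would presumably crash inside `xstrdup()` (its definition is not in this diff). If either field can be unset, guard it with `dbi->dbi_root = (rpmdb->db_root ? xstrdup(rpmdb->db_root) : NULL);` and the same for `dbi_home`. A short comment such as `/* dbi_file and dbi_subfile are separate allocations; each is freed independently */` would also record why the shared buffer was split, which appears to be the ownership rule behind the double-free fix. The function continues outside this hunk.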
  @@ -1244,9 +1216,6 @@
       } else {
        if (dbi) {
            (void) sql_close(dbi, 0);
  -#ifndef      NOTYET  /* XXX FIXME: sql_close() double free */
  -         dbi = db3Free(dbi);
  -#endif
        }
        dbi = NULL;
        if (dbip) *dbip = dbi;
  @@ -1383,15 +1352,12 @@
   {
       rpmsql sql = (rpmsql) dbi->dbi_db;
       sqlite3 * sqlI = (sqlite3 *) sql->I;
  -#ifdef DYING
  -    SCP_t scp = scpNew(sql);
  -#else
  -    SCP_t scp = scpLink(dbcursor);
  -#endif
  +    SCP_t scp = scpLink(dbcursor);   /* XXX scpNew() instead? */
       int rc = 0;
   
   dbg_keyval(__FUNCTION__, dbi, dbcursor, key, data, flags);
   
  +assert(scp->cmd == NULL);    /* XXX memleak prevention */
       scp->cmd = sqlite3_mprintf("DELETE FROM '%q' WHERE key=? AND value=?;",
        dbi->dbi_subfile);
   
  @@ -1458,6 +1424,7 @@
    * to later iteration confusion.  (It may return the same value for the 
multiple keys.)
    */
   
  +assert(scp->cmd == NULL);    /* XXX memleak prevention */
            switch (dbi->dbi_rpmtag) {
            case RPMDBI_PACKAGES:
                scp->cmd = sqlite3_mprintf("SELECT key FROM '%q' ORDER BY key;",
  @@ -1500,6 +1467,7 @@
        scp = scpReset(scp);
   
        /* Prepare SQL statement to retrieve the value for the current key */
  +assert(scp->cmd == NULL);    /* XXX memleak prevention */
        scp->cmd = sqlite3_mprintf("SELECT value FROM '%q' WHERE key=?;", 
dbi->dbi_subfile);
        rc = cvtdberr(dbi, "sqlite3_prepare",
                sqlite3_prepare(sqlI, scp->cmd, (int)strlen(scp->cmd),
  @@ -1602,17 +1570,15 @@
   {
       rpmsql sql = (rpmsql) dbi->dbi_db;
       sqlite3 * sqlI = (sqlite3 *) sql->I;
  -#ifdef DYING
  -    SCP_t scp = scpNew(sql);
  -#else
  -    SCP_t scp = scpLink(dbcursor);
  -#endif
  +    SCP_t scp = scpLink(dbcursor);   /* XXX scpNew() instead? */
       int rc = 0;
   
   dbg_keyval("sql_cput", dbi, dbcursor, key, data, flags);
   
  +assert(scp->cmd == NULL);    /* XXX memleak prevention */
       switch (dbi->dbi_rpmtag) {
       default:
  +     /* XXX sqlite3_prepare() persistence */
        scp->cmd = sqlite3_mprintf("INSERT OR REPLACE INTO '%q' VALUES(?, ?);",
                dbi->dbi_subfile);
        rc = cvtdberr(dbi, "sqlite3_prepare",
  @@ -1796,17 +1762,11 @@
        /*@globals fileSystem, internalState @*/
        /*@modifies dbi, fileSystem, internalState @*/
   {
  -#ifdef       UNUSED
  -    rpmsql sql = (rpmsql) dbi->dbi_db;
  -#endif
       char * cmd;
       int rc = 0;
   
  -    dbi->dbi_stats = _free(dbi->dbi_stats);
       dbi->dbi_table_nkeys = -1;
   
  -    dbi->dbi_stats = (void *) xcalloc(1, sizeof(DB_HASH_STAT));
  -
       cmd = sqlite3_mprintf("  SELECT COUNT('key') FROM '%q';", 
dbi->dbi_subfile);
       rc = sql_exec(dbi, cmd, sql_stat_cb, dbi);
       cmd = _free(cmd);
  @@ -1814,8 +1774,13 @@
       if (dbi->dbi_table_nkeys < 0)
        dbi->dbi_table_nkeys = 4096;  /* XXX hacky */
   
  -    ((DB_HASH_STAT *)(dbi->dbi_stats))->hash_nkeys = dbi->dbi_table_nkeys;
  +    dbi->dbi_stats = _free(dbi->dbi_stats);
  +    {        DB_HASH_STAT * _stats = (DB_HASH_STAT *) xcalloc(1, 
sizeof(*_stats));
  +     _stats->hash_nkeys = dbi->dbi_table_nkeys;
  +     dbi->dbi_stats = (void *) _stats;
  +    }
   
  +SQLDBDEBUG(dbi, (stderr, "<-- %s(%p,0x%x) rc %d subfile %s\n", __FUNCTION__, 
dbi, flags, rc, dbi->dbi_subfile));
       return rc;
   }
   
  @@ .
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
CVS Sources Repository                                rpm-cvs@rpm5.org
