[gnome-db] double-free problem in postgres provider



Hi!

I think I found a problem in the postgres provider:

gda-postgres-provider:2120
		else if (G_VALUE_TYPE (value) == GDA_TYPE_BINARY) {
			/* directly bin binary data */
			GdaBinary *bin = (GdaBinary *) gda_value_get_binary ((GValue *) value);
			param_values [i] = (gchar*) bin->data;
			param_lengths [i] = bin->binary_length;
			param_formats [i] = 1; /* binary format */
		}
(...) 2191:
	g_strfreev (param_values);
	g_free (param_lengths);
	g_free (param_formats);

The problem is that param_values[i] for GDA_TYPE_BINARY is actually
owned by the GdaBinary (and later free'd again when the binary is
destroyed). So, a solution here would be to copy the bin->data but
that's a performance killer. Probably the code has to be refactored a
bit but I first want to make sure that this really causes the problem.

Here is the backtrace from glom when trying to add an image to a
database table. The crash happens when the last reference to the
GdaHolder holding the image (GDA_TYPE_BINARY) is dropped:

#0  0x00007f242c20afd5 in raise () from /lib/libc.so.6
#1  0x00007f242c20cb43 in abort () from /lib/libc.so.6
#2  0x00007f242c24bfa8 in ?? () from /lib/libc.so.6
#3  0x00007f242c251938 in ?? () from /lib/libc.so.6
#4  0x00007f242c253f86 in free () from /lib/libc.so.6
#5  0x00007f2433f149b1 in gda_binary_free (boxed=0x3f69750) at gda-value.c:344
#6  0x00007f242d76c8b5 in boxed_proxy_value_free (value=<value optimized out>)
    at /build/buildd/glib2.0-2.18.2/gobject/gboxed.c:288
#7  0x00007f242d791773 in IA__g_value_unset (value=0x4209a60)
    at /build/buildd/glib2.0-2.18.2/gobject/gvalue.c:276
#8  0x00007f2433f152ea in gda_value_free (value=0x4209a60) at gda-value.c:1281
#9  0x00007f2433ef1f35 in gda_holder_dispose (object=0x3bcf620)
    at gda-holder.c:490
#10 0x00007f242d7711d2 in IA__g_object_unref (_object=<value optimized out>)
    at /build/buildd/glib2.0-2.18.2/gobject/gobject.c:2389
#11 0x00007f2433f033c5 in gda_set_dispose (object=0x402be40) at gda-set.c:985
#12 0x00007f242d7711d2 in IA__g_object_unref (_object=<value optimized out>)


Regards,
Johannes
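
The ownership mix-up described in the message above, as an added example that is not part of the original post and is not libgda code: a parameter array that records per slot whether the buffer was allocated for the call or borrowed from the binary value, so cleanup frees only what it owns and the binary data is neither copied nor freed twice. It uses plain libc instead of GLib so it runs stand-alone; Blob, Params and all function names are hypothetical.

```c
/* Added illustration, not libgda code; every name here is hypothetical. */
#include <stdlib.h>
#include <string.h>
/* Stand-in for GdaBinary: the struct owns its data buffer. */
typedef struct { unsigned char *data; long binary_length; } Blob;
/* The provider's three arrays plus one ownership flag per slot. */
typedef struct {
    char **values; int *lengths; int *formats; int n;
    unsigned char *owned;   /* 1 = allocated for this call, 0 = borrowed */
} Params;

static Params params_new(int n) {
    return (Params){ calloc(n, sizeof(char *)), calloc(n, sizeof(int)),
                     calloc(n, sizeof(int)), n, calloc(n, 1) };
}

/* Text parameter: the array holds its own copy and must free it. */
static void bind_text(Params *p, int i, const char *s) {
    p->values[i] = malloc(strlen(s) + 1);
    strcpy(p->values[i], s);
    p->owned[i] = 1;
}

/* Binary parameter: borrow the blob's buffer without copying it. */
static void bind_blob(Params *p, int i, const Blob *b) {
    p->values[i] = (char *) b->data;
    p->lengths[i] = (int) b->binary_length; p->formats[i] = 1; /* binary */
    p->owned[i] = 0;
}

/* Frees owned slots only, not every slot; returns how many were freed. */
static int params_free(Params *p) {
    int freed = 0;
    for (int i = 0; i < p->n; i++)
        if (p->owned[i]) { free(p->values[i]); freed++; }
    free(p->values); free(p->lengths); free(p->formats); free(p->owned);
    return freed;
}

/* One text and one binary parameter; returns 0 when cleanup is correct. */
int demo(void) {
    Blob img = { malloc(4), 4 };
    memcpy(img.data, "IMG!", 4);     /* constructed sample bytes */
    Params p = params_new(2);
    bind_text(&p, 0, "42");
    bind_blob(&p, 1, &img);
    int ok = params_free(&p) == 1 && img.data[0] == 'I';
    free(img.data);                  /* the blob's single free */
    return ok ? 0 : 1;
}
```

Running such a path under valgrind or AddressSanitizer, once with the blanket free and once with the ownership-aware one, is a quick way to confirm whether this is the free() that aborts in the backtrace.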
