From: | Brian Sutherland <brian(at)vanguardistas(dot)net> |
---|---|
To: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
Cc: | Psycopg List <psycopg(at)postgresql(dot)org> |
Subject: | Re: NULL dereference when memory is tight |
Date: | 2011-02-24 09:39:20 |
Message-ID: | 20110224093920.GD15185@Boo.local |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | psycopg |
On Sun, Feb 20, 2011 at 06:06:30PM +0000, Daniele Varrazzo wrote:
> On Sun, Feb 20, 2011 at 4:47 PM, Brian Sutherland
> <brian(at)vanguardistas(dot)net> wrote:
> > Hi,
> >
> > I recently found a few places in the latest beta release where a NULL
> > dereference could occur when insufficient memory is available.
> >
> > For example in connection_type.c:
> >
> > 830 self->dsn = strdup(dsn);
> > ...
> > 855 pos = strstr(self->dsn, "password");
> >
> > strdup could return a NULL.
> >
> > Admittedly this is probably a minor bug, but would it interest anyone if
> > I report these somewhere?
>
> Thank you for the review.
Actually, thanks to monoidics for letting me try out their INFER static
code checker.
> Having patches would be even better, but I
> will take care of this one.
Great!
Attached is a patch for another issue, though I'm not sure if calling
PyErr_NoMemory within libpq is sane.
To tell if the other issues INFER raises are bugs would require a much
deeper insight into the psycopg2 code than I have.
--
Brian Sutherland
Attachment | Content-Type | Size |
---|---|---|
notice_malloc.patch | text/plain | 925 bytes |
From | Date | Subject | |
---|---|---|---|
Next Message | Federico Di Gregorio | 2011-02-24 09:52:52 | Re: NULL dereference when memory is tight |
Previous Message | Danny Milosavljevic | 2011-02-22 20:53:41 | Re: psycopg2 (async) socket timeout |