ecpg: Improve error detection around ecpg_strdup()

michaelpq · Aleksander Alekseev · michaelpq · commit a6eabec6808c · 2025-07-23T08:18:36.000+09:00
Various code paths of the ECPG code did not check for memory allocation failures, including the specific case where ecpg_strdup() considers a NULL value given in input as a valid behavior. strdup() returning itself NULL on failure, there was no way to make the difference between what could be valid and what should fail. With the different cases in mind, ecpg_strdup() is redesigned and gains a new optional argument, giving its callers the possibility to differentiate allocation failures and valid cases where the caller is giving a NULL value in input. Most of the ECPG code does not expect a NULL value, at the exception of ECPGget_desc() (setlocale) and ECPGconnect(), like dbname being unspecified, with repeated strdup calls. The code is adapted to work with this new routine. Note the case of ecpg_auto_prepare(), where the code order is switched so as we handle failures with ecpg_strdup() before manipulating any cached data, avoiding inconsistencies. This class of failure is unlikely a problem in practice, so no backpatch is done. Random OOM failures in ECPGconnect() could cause the driver to connect to a different server than the one wanted by the caller, because it could fallback to default values instead of the parameters defined depending on the combinations of allocation failures and successes. Author: Evgeniy Gorbanev <gorbanyoves@basealt.ru> Co-authored-by: Aleksander Alekseev <aleksander@tigerdata.com> Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de> Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://postgr.es/m/a6b193c1-6994-4d9c-9059-aca4aaf41ddd@basealt.ru
diff --git a/src/interfaces/ecpg/ecpglib/connect.c b/src/interfaces/ecpg/ecpglib/connect.c
@@ -264,7 +264,8 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 	struct connection *this;
 	int			i,
 				connect_params = 0;
-	char	   *dbname = name ? ecpg_strdup(name, lineno) : NULL,
+	bool		alloc_failed = (sqlca == NULL);
+	char	   *dbname = name ? ecpg_strdup(name, lineno, &alloc_failed) : NULL,
 			   *host = NULL,
 			   *tmp,
 			   *port = NULL,
@@ -273,11 +274,12 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 	const char **conn_keywords;
 	const char **conn_values;
 
-	if (sqlca == NULL)
+	if (alloc_failed)
 	{
 		ecpg_raise(lineno, ECPG_OUT_OF_MEMORY,
 				   ECPG_SQLSTATE_ECPG_OUT_OF_MEMORY, NULL);
-		ecpg_free(dbname);
+		if (dbname)
+			ecpg_free(dbname);
 		return false;
 	}
 
@@ -302,7 +304,7 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 		if (envname)
 		{
 			ecpg_free(dbname);
-			dbname = ecpg_strdup(envname, lineno);
+			dbname = ecpg_strdup(envname, lineno, &alloc_failed);
 		}
 	}
 
@@ -354,7 +356,7 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 				tmp = strrchr(dbname + offset, '?');
 				if (tmp != NULL)	/* options given */
 				{
-					options = ecpg_strdup(tmp + 1, lineno);
+					options = ecpg_strdup(tmp + 1, lineno, &alloc_failed);
 					*tmp = '\0';
 				}
 
@@ -363,7 +365,7 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 				{
 					if (tmp[1] != '\0') /* non-empty database name */
 					{
-						realname = ecpg_strdup(tmp + 1, lineno);
+						realname = ecpg_strdup(tmp + 1, lineno, &alloc_failed);
 						connect_params++;
 					}
 					*tmp = '\0';
@@ -373,7 +375,7 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 				if (tmp != NULL)	/* port number given */
 				{
 					*tmp = '\0';
-					port = ecpg_strdup(tmp + 1, lineno);
+					port = ecpg_strdup(tmp + 1, lineno, &alloc_failed);
 					connect_params++;
 				}
 
@@ -407,7 +409,7 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 				{
 					if (*(dbname + offset) != '\0')
 					{
-						host = ecpg_strdup(dbname + offset, lineno);
+						host = ecpg_strdup(dbname + offset, lineno, &alloc_failed);
 						connect_params++;
 					}
 				}
@@ -419,22 +421,22 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 			tmp = strrchr(dbname, ':');
 			if (tmp != NULL)	/* port number given */
 			{
-				port = ecpg_strdup(tmp + 1, lineno);
+				port = ecpg_strdup(tmp + 1, lineno, &alloc_failed);
 				connect_params++;
 				*tmp = '\0';
 			}
 
 			tmp = strrchr(dbname, '@');
 			if (tmp != NULL)	/* host name given */
 			{
-				host = ecpg_strdup(tmp + 1, lineno);
+				host = ecpg_strdup(tmp + 1, lineno, &alloc_failed);
 				connect_params++;
 				*tmp = '\0';
 			}
 
 			if (strlen(dbname) > 0)
 			{
-				realname = ecpg_strdup(dbname, lineno);
+				realname = ecpg_strdup(dbname, lineno, &alloc_failed);
 				connect_params++;
 			}
 			else
@@ -465,7 +467,18 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 	 */
 	conn_keywords = (const char **) ecpg_alloc((connect_params + 1) * sizeof(char *), lineno);
 	conn_values = (const char **) ecpg_alloc(connect_params * sizeof(char *), lineno);
-	if (conn_keywords == NULL || conn_values == NULL)
+
+	/* Decide on a connection name */
+	if (connection_name != NULL || realname != NULL)
+	{
+		this->name = ecpg_strdup(connection_name ? connection_name : realname,
+								 lineno, &alloc_failed);
+	}
+	else
+		this->name = NULL;
+
+	/* Deal with any failed allocations above */
+	if (conn_keywords == NULL || conn_values == NULL || alloc_failed)
 	{
 		if (host)
 			ecpg_free(host);
@@ -481,6 +494,8 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 			ecpg_free(conn_keywords);
 		if (conn_values)
 			ecpg_free(conn_values);
+		if (this->name)
+			ecpg_free(this->name);
 		free(this);
 		return false;
 	}
@@ -515,17 +530,14 @@ ECPGconnect(int lineno, int c, const char *name, const char *user, const char *p
 				ecpg_free(conn_keywords);
 			if (conn_values)
 				ecpg_free(conn_values);
+			if (this->name)
+				ecpg_free(this->name);
 			free(this);
 			return false;
 		}
 	}
 #endif
 
-	if (connection_name != NULL)
-		this->name = ecpg_strdup(connection_name, lineno);
-	else
-		this->name = ecpg_strdup(realname, lineno);
-
 	this->cache_head = NULL;
 	this->prep_stmts = NULL;
 
diff --git a/src/interfaces/ecpg/ecpglib/descriptor.c b/src/interfaces/ecpg/ecpglib/descriptor.c
@@ -240,8 +240,9 @@ ECPGget_desc(int lineno, const char *desc_name, int index,...)
 				act_tuple;
 	struct variable data_var;
 	struct sqlca_t *sqlca = ECPGget_sqlca();
+	bool		alloc_failed = (sqlca == NULL);
 
-	if (sqlca == NULL)
+	if (alloc_failed)
 	{
 		ecpg_raise(lineno, ECPG_OUT_OF_MEMORY,
 				   ECPG_SQLSTATE_ECPG_OUT_OF_MEMORY, NULL);
@@ -493,7 +494,14 @@ ECPGget_desc(int lineno, const char *desc_name, int index,...)
 #ifdef WIN32
 		stmt.oldthreadlocale = _configthreadlocale(_ENABLE_PER_THREAD_LOCALE);
 #endif
-		stmt.oldlocale = ecpg_strdup(setlocale(LC_NUMERIC, NULL), lineno);
+		stmt.oldlocale = ecpg_strdup(setlocale(LC_NUMERIC, NULL),
+									 lineno, &alloc_failed);
+		if (alloc_failed)
+		{
+			va_end(args);
+			return false;
+		}
+
 		setlocale(LC_NUMERIC, "C");
 #endif
 
diff --git a/src/interfaces/ecpg/ecpglib/ecpglib_extern.h b/src/interfaces/ecpg/ecpglib/ecpglib_extern.h
@@ -175,7 +175,7 @@ void		ecpg_free(void *ptr);
 bool		ecpg_init(const struct connection *con,
 					  const char *connection_name,
 					  const int lineno);
-char	   *ecpg_strdup(const char *string, int lineno);
+char	   *ecpg_strdup(const char *string, int lineno, bool *alloc_failed);
 const char *ecpg_type_name(enum ECPGttype typ);
 int			ecpg_dynamic_type(Oid type);
 int			sqlda_dynamic_type(Oid type, enum COMPAT_MODE compat);
diff --git a/src/interfaces/ecpg/ecpglib/execute.c b/src/interfaces/ecpg/ecpglib/execute.c
@@ -860,9 +860,9 @@ ecpg_store_input(const int lineno, const bool force_indicator, const struct vari
 					numeric    *nval;
 
 					if (var->arrsize > 1)
-						mallocedval = ecpg_strdup("{", lineno);
+						mallocedval = ecpg_strdup("{", lineno, NULL);
 					else
-						mallocedval = ecpg_strdup("", lineno);
+						mallocedval = ecpg_strdup("", lineno, NULL);
 
 					if (!mallocedval)
 						return false;
@@ -923,9 +923,9 @@ ecpg_store_input(const int lineno, const bool force_indicator, const struct vari
 					int			slen;
 
 					if (var->arrsize > 1)
-						mallocedval = ecpg_strdup("{", lineno);
+						mallocedval = ecpg_strdup("{", lineno, NULL);
 					else
-						mallocedval = ecpg_strdup("", lineno);
+						mallocedval = ecpg_strdup("", lineno, NULL);
 
 					if (!mallocedval)
 						return false;
@@ -970,9 +970,9 @@ ecpg_store_input(const int lineno, const bool force_indicator, const struct vari
 					int			slen;
 
 					if (var->arrsize > 1)
-						mallocedval = ecpg_strdup("{", lineno);
+						mallocedval = ecpg_strdup("{", lineno, NULL);
 					else
-						mallocedval = ecpg_strdup("", lineno);
+						mallocedval = ecpg_strdup("", lineno, NULL);
 
 					if (!mallocedval)
 						return false;
@@ -1017,9 +1017,9 @@ ecpg_store_input(const int lineno, const bool force_indicator, const struct vari
 					int			slen;
 
 					if (var->arrsize > 1)
-						mallocedval = ecpg_strdup("{", lineno);
+						mallocedval = ecpg_strdup("{", lineno, NULL);
 					else
-						mallocedval = ecpg_strdup("", lineno);
+						mallocedval = ecpg_strdup("", lineno, NULL);
 
 					if (!mallocedval)
 						return false;
@@ -2001,7 +2001,8 @@ ecpg_do_prologue(int lineno, const int compat, const int force_indicator,
 		return false;
 	}
 #endif
-	stmt->oldlocale = ecpg_strdup(setlocale(LC_NUMERIC, NULL), lineno);
+	stmt->oldlocale = ecpg_strdup(setlocale(LC_NUMERIC, NULL), lineno,
+								  NULL);
 	if (stmt->oldlocale == NULL)
 	{
 		ecpg_do_epilogue(stmt);
@@ -2030,7 +2031,14 @@ ecpg_do_prologue(int lineno, const int compat, const int force_indicator,
 		statement_type = ECPGst_execute;
 	}
 	else
-		stmt->command = ecpg_strdup(query, lineno);
+	{
+		stmt->command = ecpg_strdup(query, lineno, NULL);
+		if (!stmt->command)
+		{
+			ecpg_do_epilogue(stmt);
+			return false;
+		}
+	}
 
 	stmt->name = NULL;
 
@@ -2042,7 +2050,12 @@ ecpg_do_prologue(int lineno, const int compat, const int force_indicator,
 		if (command)
 		{
 			stmt->name = stmt->command;
-			stmt->command = ecpg_strdup(command, lineno);
+			stmt->command = ecpg_strdup(command, lineno, NULL);
+			if (!stmt->command)
+			{
+				ecpg_do_epilogue(stmt);
+				return false;
+			}
 		}
 		else
 		{
@@ -2175,7 +2188,12 @@ ecpg_do_prologue(int lineno, const int compat, const int force_indicator,
 
 			if (!is_prepared_name_set && stmt->statement_type == ECPGst_prepare)
 			{
-				stmt->name = ecpg_strdup(var->value, lineno);
+				stmt->name = ecpg_strdup(var->value, lineno, NULL);
+				if (!stmt->name)
+				{
+					ecpg_do_epilogue(stmt);
+					return false;
+				}
 				is_prepared_name_set = true;
 			}
 		}
diff --git a/src/interfaces/ecpg/ecpglib/memory.c b/src/interfaces/ecpg/ecpglib/memory.c
@@ -43,8 +43,15 @@ ecpg_realloc(void *ptr, long size, int lineno)
 	return new;
 }
 
+/*
+ * Wrapper for strdup(), with NULL in input treated as a correct case.
+ *
+ * "alloc_failed" can be optionally specified by the caller to check for
+ * allocation failures.  The caller is responsible for its initialization,
+ * as ecpg_strdup() may be called repeatedly across multiple allocations.
+ */
 char *
-ecpg_strdup(const char *string, int lineno)
+ecpg_strdup(const char *string, int lineno, bool *alloc_failed)
 {
 	char	   *new;
 
@@ -54,6 +61,8 @@ ecpg_strdup(const char *string, int lineno)
 	new = strdup(string);
 	if (!new)
 	{
+		if (alloc_failed)
+			*alloc_failed = true;
 		ecpg_raise(lineno, ECPG_OUT_OF_MEMORY, ECPG_SQLSTATE_ECPG_OUT_OF_MEMORY, NULL);
 		return NULL;
 	}
diff --git a/src/interfaces/ecpg/ecpglib/prepare.c b/src/interfaces/ecpg/ecpglib/prepare.c

Original file line number	Diff line number	Diff line change
`@@ -264,7 +264,8 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`264`	`264`	`struct connection *this;`
`265`	`265`	`int i,`
`266`	`266`	`connect_params = 0;`
`267`		`- char *dbname = name ? ecpg_strdup(name, lineno) : NULL,`
	`267`	`+ bool alloc_failed = (sqlca == NULL);`
	`268`	`+ char *dbname = name ? ecpg_strdup(name, lineno, &alloc_failed) : NULL,`
`268`	`269`	`*host = NULL,`
`269`	`270`	`*tmp,`
`270`	`271`	`*port = NULL,`
`@@ -273,11 +274,12 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`273`	`274`	`const char **conn_keywords;`
`274`	`275`	`const char **conn_values;`
`275`	`276`
`276`		`- if (sqlca == NULL)`
	`277`	`+ if (alloc_failed)`
`277`	`278`	`{`
`278`	`279`	`ecpg_raise(lineno, ECPG_OUT_OF_MEMORY,`
`279`	`280`	`ECPG_SQLSTATE_ECPG_OUT_OF_MEMORY, NULL);`
`280`		`- ecpg_free(dbname);`
	`281`	`+ if (dbname)`
	`282`	`+ ecpg_free(dbname);`
`281`	`283`	`return false;`
`282`	`284`	`}`
`283`	`285`
`@@ -302,7 +304,7 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`302`	`304`	`if (envname)`
`303`	`305`	`{`
`304`	`306`	`ecpg_free(dbname);`
`305`		`- dbname = ecpg_strdup(envname, lineno);`
	`307`	`+ dbname = ecpg_strdup(envname, lineno, &alloc_failed);`
`306`	`308`	`}`
`307`	`309`	`}`
`308`	`310`
`@@ -354,7 +356,7 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`354`	`356`	`tmp = strrchr(dbname + offset, '?');`
`355`	`357`	`if (tmp != NULL) /* options given */`
`356`	`358`	`{`
`357`		`- options = ecpg_strdup(tmp + 1, lineno);`
	`359`	`+ options = ecpg_strdup(tmp + 1, lineno, &alloc_failed);`
`358`	`360`	`*tmp = '\0';`
`359`	`361`	`}`
`360`	`362`
`@@ -363,7 +365,7 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`363`	`365`	`{`
`364`	`366`	`if (tmp[1] != '\0') /* non-empty database name */`
`365`	`367`	`{`
`366`		`- realname = ecpg_strdup(tmp + 1, lineno);`
	`368`	`+ realname = ecpg_strdup(tmp + 1, lineno, &alloc_failed);`
`367`	`369`	`connect_params++;`
`368`	`370`	`}`
`369`	`371`	`*tmp = '\0';`
`@@ -373,7 +375,7 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`373`	`375`	`if (tmp != NULL) /* port number given */`
`374`	`376`	`{`
`375`	`377`	`*tmp = '\0';`
`376`		`- port = ecpg_strdup(tmp + 1, lineno);`
	`378`	`+ port = ecpg_strdup(tmp + 1, lineno, &alloc_failed);`
`377`	`379`	`connect_params++;`
`378`	`380`	`}`
`379`	`381`
`@@ -407,7 +409,7 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`407`	`409`	`{`
`408`	`410`	`if (*(dbname + offset) != '\0')`
`409`	`411`	`{`
`410`		`- host = ecpg_strdup(dbname + offset, lineno);`
	`412`	`+ host = ecpg_strdup(dbname + offset, lineno, &alloc_failed);`
`411`	`413`	`connect_params++;`
`412`	`414`	`}`
`413`	`415`	`}`
`@@ -419,22 +421,22 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`419`	`421`	`tmp = strrchr(dbname, ':');`
`420`	`422`	`if (tmp != NULL) /* port number given */`
`421`	`423`	`{`
`422`		`- port = ecpg_strdup(tmp + 1, lineno);`
	`424`	`+ port = ecpg_strdup(tmp + 1, lineno, &alloc_failed);`
`423`	`425`	`connect_params++;`
`424`	`426`	`*tmp = '\0';`
`425`	`427`	`}`
`426`	`428`
`427`	`429`	`tmp = strrchr(dbname, '@');`
`428`	`430`	`if (tmp != NULL) /* host name given */`
`429`	`431`	`{`
`430`		`- host = ecpg_strdup(tmp + 1, lineno);`
	`432`	`+ host = ecpg_strdup(tmp + 1, lineno, &alloc_failed);`
`431`	`433`	`connect_params++;`
`432`	`434`	`*tmp = '\0';`
`433`	`435`	`}`
`434`	`436`
`435`	`437`	`if (strlen(dbname) > 0)`
`436`	`438`	`{`
`437`		`- realname = ecpg_strdup(dbname, lineno);`
	`439`	`+ realname = ecpg_strdup(dbname, lineno, &alloc_failed);`
`438`	`440`	`connect_params++;`
`439`	`441`	`}`
`440`	`442`	`else`
`@@ -465,7 +467,18 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`465`	`467`	`*/`
`466`	`468`	`conn_keywords = (const char *) ecpg_alloc((connect_params + 1) sizeof(char *), lineno);`
`467`	`469`	`conn_values = (const char *) ecpg_alloc(connect_params sizeof(char *), lineno);`
`468`		`- if (conn_keywords == NULL \|\| conn_values == NULL)`
	`470`	`+`
	`471`	`+ /* Decide on a connection name */`
	`472`	`+ if (connection_name != NULL \|\| realname != NULL)`
	`473`	`+ {`
	`474`	`+ this->name = ecpg_strdup(connection_name ? connection_name : realname,`
	`475`	`+ lineno, &alloc_failed);`
	`476`	`+ }`
	`477`	`+ else`
	`478`	`+ this->name = NULL;`
	`479`	`+`
	`480`	`+ /* Deal with any failed allocations above */`
	`481`	`+ if (conn_keywords == NULL \|\| conn_values == NULL \|\| alloc_failed)`
`469`	`482`	`{`
`470`	`483`	`if (host)`
`471`	`484`	`ecpg_free(host);`
`@@ -481,6 +494,8 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`481`	`494`	`ecpg_free(conn_keywords);`
`482`	`495`	`if (conn_values)`
`483`	`496`	`ecpg_free(conn_values);`
	`497`	`+ if (this->name)`
	`498`	`+ ecpg_free(this->name);`
`484`	`499`	`free(this);`
`485`	`500`	`return false;`
`486`	`501`	`}`
`@@ -515,17 +530,14 @@ ECPGconnect(int lineno, int c, const char name, const char user, const char *p`
`515`	`530`	`ecpg_free(conn_keywords);`
`516`	`531`	`if (conn_values)`
`517`	`532`	`ecpg_free(conn_values);`
	`533`	`+ if (this->name)`
	`534`	`+ ecpg_free(this->name);`
`518`	`535`	`free(this);`
`519`	`536`	`return false;`
`520`	`537`	`}`
`521`	`538`	`}`
`522`	`539`	`#endif`
`523`	`540`
`524`		`- if (connection_name != NULL)`
`525`		`- this->name = ecpg_strdup(connection_name, lineno);`
`526`		`- else`
`527`		`- this->name = ecpg_strdup(realname, lineno);`
`528`		`-`
`529`	`541`	`this->cache_head = NULL;`
`530`	`542`	`this->prep_stmts = NULL;`
`531`	`543`
Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,15 @@ ecpg_realloc(void *ptr, long size, int lineno)`
`43`	`43`	`return new;`
`44`	`44`	`}`
`45`	`45`
	`46`	`+/*`
	`47`	`+ * Wrapper for strdup(), with NULL in input treated as a correct case.`
	`48`	`+ *`
	`49`	`+ * "alloc_failed" can be optionally specified by the caller to check for`
	`50`	`+ * allocation failures. The caller is responsible for its initialization,`
	`51`	`+ * as ecpg_strdup() may be called repeatedly across multiple allocations.`
	`52`	`+ */`
`46`	`53`	`char *`
`47`		`-ecpg_strdup(const char *string, int lineno)`
	`54`	`+ecpg_strdup(const char string, int lineno, bool alloc_failed)`
`48`	`55`	`{`
`49`	`56`	`char *new;`
`50`	`57`
`@@ -54,6 +61,8 @@ ecpg_strdup(const char *string, int lineno)`
`54`	`61`	`new = strdup(string);`
`55`	`62`	`if (!new)`
`56`	`63`	`{`
	`64`	`+ if (alloc_failed)`
	`65`	`+ *alloc_failed = true;`
`57`	`66`	`ecpg_raise(lineno, ECPG_OUT_OF_MEMORY, ECPG_SQLSTATE_ECPG_OUT_OF_MEMORY, NULL);`
`58`	`67`	`return NULL;`
`59`	`68`	`}`