Fix PGLC_localeconv() to handle errors better

Enterprise / PostgreSQL - Tom Lane [sss.pgh.pa.us] - 21 November 2016 17:21 UTC

The code was intentionally not very careful about leaking strdup'd strings in case of an error. That was forgivable probably, but it also failed to notice strdup() failures, which could lead to subsequent null-pointer-dereference crashes, since many callers unsurprisingly didn't check for null pointers in the struct lconv fields. An even worse problem is that it could throw error while we were setlocale'd to a non-C locale, causing unwanted behavior in subsequent libc calls.

Rewrite to ensure that we cannot throw elog(ERROR) until after we've restored the previous locale settings, or at least attempted to. (I'm sorely tempted to make restore failure be a FATAL error, but will refrain for the moment.) Having done that, it's not much more work to ensure that we clean up strdup'd storage on the way out, too.

This code is substantially the same in all supported branches, so back-patch all the way.

Michael Paquier and Tom Lane

Discussion:

a4930e7 Fix PGLC_localeconv() to handle errors better.
src/backend/utils/adt/pg_locale.c | 216 ++++++++++++++++++++++++++++---------
1 file changed, 164 insertions(+), 52 deletions(-)

Upstream: git.postgresql.org
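
The ordering the commit message describes (copy the `struct lconv` strings, check every copy, restore the previous locale, and only then fail and free) is sketched below as an added example. It is not the PostgreSQL code: `conv_copy`, `dup_str`, `load_conv` and the `fail_at` fault-injection counter are hypothetical names, and a `-1` return stands in for `elog(ERROR)`.

```c
#include <locale.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical private copy of three struct lconv fields. */
struct conv_copy { char *decimal_point, *thousands_sep, *currency_symbol; };

static int fail_at = -1, dup_calls = 0;  /* test aid: Nth dup_str() fails */

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = (dup_calls++ == fail_at) ? NULL : malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

static void free_conv_copy(struct conv_copy *c)
{
    free(c->decimal_point);      /* free(NULL) is a no-op */
    free(c->thousands_sep);
    free(c->currency_symbol);
}

/* Returns 0 on success, -1 on failure. Every failure path runs only
 * after the previous locale has been restored (or restore was tried). */
int load_conv(const char *locale, struct conv_copy *out)
{
    struct conv_copy tmp = {0};
    const char *cur = setlocale(LC_ALL, NULL);
    char *saved = cur ? dup_str(cur) : NULL;
    int ok = 0;

    if (saved == NULL)
        return -1;               /* locale not switched yet: safe to bail */
    if (setlocale(LC_ALL, locale) != NULL) {
        struct lconv *lc = localeconv();
        /* Record allocation failures; do not report them here. */
        tmp.decimal_point = dup_str(lc->decimal_point);
        tmp.thousands_sep = dup_str(lc->thousands_sep);
        tmp.currency_symbol = dup_str(lc->currency_symbol);
        ok = tmp.decimal_point && tmp.thousands_sep && tmp.currency_symbol;
    }
    if (setlocale(LC_ALL, saved) == NULL)   /* restore before any error */
        ok = 0;
    free(saved);
    if (!ok) {
        free_conv_copy(&tmp);    /* no leaked partial copies */
        return -1;
    }
    *out = tmp;
    return 0;
}
```

Callers receive either a fully populated struct or an error, never a struct with null fields, which is what removes the null-pointer dereference the message mentions.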

