Fix segfault in certain case.
author Tatsuo Ishii <ishii@sraoss.co.jp>
Sun, 15 Sep 2019 13:39:18 +0000 (22:39 +0900)
committer Tatsuo Ishii <ishii@sraoss.co.jp>
Sun, 15 Sep 2019 13:39:18 +0000 (22:39 +0900)
The scenario is something like:

1) a named statement is created.
2) DEALLOCATE removes it.
3) an erroneous query is executed.

In #2, the "sent message" for the named statement is removed but
"uncompleted_message" is left. Then after #3, in ReadyForQuery()
uncompleted_message is added and removed. However, the storage for
uncompleted_message has already been freed in #2, and this causes a
segfault.

The fix is, in SimpleQuery(), to set uncompleted_message to NULL if it's
not a PREPARE command, so that ReadyForQuery() does not try to remove the
already removed message.

Per bug 546.

Here is a minimum test case.

'P' "_plan0x7f2d465db530" "SELECT 1" 0
'S'
'Y'
'Q' "DEALLOCATE _plan0x7f2d465db530"
'Y'
'Q' "CREATE INDEX users_auth_id_index ON non_existing_table ( auth_id )"
'Y'
'X'

src/protocol/pool_proto_modules.c

index deb01f4ee22bc67b12ceb7e2114fbd10c0874e3c..eb2ae9dfe3c1022b6c4b275f60fb4f3ef1418826 100644 (file)
@@ -604,6 +604,8 @@ SimpleQuery(POOL_CONNECTION * frontend,
                                                                                   query_context);
                        session_context->uncompleted_message = msg;
                }
+               else
+                       session_context->uncompleted_message = NULL;
        }
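Review bot: the new `else` branch only resets the pointer on the SimpleQuery() path, so it closes the DEALLOCATE-then-error sequence from the commit message but leaves `uncompleted_message` dangling on any other path that frees the sent message; the more robust place to clear it is where the message is actually freed (the DEALLOCATE handling in step #2), so that ReadyForQuery() can never see a stale pointer regardless of which query follows. The bare `session_context->uncompleted_message = NULL;` also deserves a short comment stating that a non-PREPARE simple query must not leave a previous message for ReadyForQuery() to remove, and a note confirming that the pointed-to message is always owned by the sent-message list, since otherwise dropping the pointer without freeing it would leak it.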