Crash when disposing of a recordset after getting a blob/binary.
@murrayc
Submitted by Murray Cumming Assigned to mal..@..db.org
Link to original bug (#687252)
Description
I need to create a proper C test case for this, but I've just noticed a new crash with the latest libgda in jhbuild on Ubuntu Quantal, in one of my Glom tests.
gdb says:
Program received signal SIGSEGV, Segmentation fault.
pqGetc (result=result@entry=0xbfffe713 "\b", conn=conn@entry=0x88ee340)
at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-misc.c:105
105 /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-misc.c: No such file or directory.
(gdb) bt
#0 pqGetc (result=result@entry=0xbfffe713 "\b", conn=conn@entry=0x88ee340)
at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-misc.c:105
#1 0xb5c3d9ab in pqParseInput2 (conn=conn@entry=0x88ee340) at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-protocol2.c:433
#2 0xb5c351d1 in parseInput (conn=conn@entry=0x88ee340) at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-exec.c:1478
#3 0xb5c37787 in PQgetResult (conn=conn@entry=0x88ee340) at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-exec.c:1551
#4 0xb5c37a0f in PQexecStart (conn=conn@entry=0x88ee340) at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-exec.c:1724
#5 0xb5c37e89 in PQexec (conn=conn@entry=0x88ee340, query=query@entry=0x8c9de28 "DEALLOCATE psc139")
at /build/buildd/postgresql-9.1-9.1.6/build/../src/interfaces/libpq/fe-exec.c:1633
#6 0xb5c82644 in _gda_postgres_PQexec_wrap (cnc=0x88a2360, pconn=0x88ee340, query=query@entry=0x8c9de28 "DEALLOCATE psc139")
at gda-postgres-util.c:141
#7 0xb5c802ed in gda_postgres_pstmt_finalize (object=0x8e00768) at gda-postgres-pstmt.c:95
#8 0xb7a75128 in g_object_unref (_object=0x8e00768) at gobject.c:3023
#9 0xb7b141ca in gda_data_select_dispose (object=0x883a060) at gda-data-select.c:489
#10 0xb5c81f99 in gda_postgres_recordset_dispose (object=0x883a060) at gda-postgres-recordset.c:187
#11 0xb7a75098 in g_object_unref (_object=0x883a060) at gobject.c:2986
#12 0xb7ccb72e in Glib::ObjectBase::unreference (this=0x8915330) at objectbase.cc:138
#13 0x0804c8e5 in ~RefPtr (this=<optimized out>, __in_chrg=<optimized out>) at /opt/gnome/include/glibmm-2.4/glibmm/refptr.h:208
#14 test (hosting_mode=3221219852) at tests/test_selfhosting_new_then_image.cc:141
#15 0x0804beb8 in main () at tests/test_selfhosting_new_then_image.cc:148
valgrind says:
==27012== Invalid read of size 2
==27012== at 0x7E501BF: parseInput (fe-exec.c:1475)
==27012== by 0x7E52786: PQgetResult (fe-exec.c:1551)
==27012== by 0x7E52A0E: PQexecStart (fe-exec.c:1724)
==27012== by 0x7E52E88: PQexec (fe-exec.c:1633)
==27012== by 0x7E04643: _gda_postgres_PQexec_wrap (gda-postgres-util.c:141)
==27012== by 0x7E022EC: gda_postgres_pstmt_finalize (gda-postgres-pstmt.c:95)
==27012== by 0x456D127: g_object_unref (gobject.c:3023)
==27012== by 0x43F21C9: gda_data_select_dispose (gda-data-select.c:489)
==27012== by 0x7E03F98: gda_postgres_recordset_dispose (gda-postgres-recordset.c:187)
==27012== by 0x456D097: g_object_unref (gobject.c:2986)
==27012== by 0x436972D: Glib::ObjectBase::unreference() const (objectbase.cc:138)
==27012== by 0x57C46D3: ???
==27012== Address 0x7176c3e is 2 bytes before a block of size 8 free'd
==27012== at 0x402CC70: realloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27012== by 0x45F8462: standard_realloc (gmem.c:92)
==27012== by 0x45F8BE8: g_realloc (gmem.c:224)
==27012== by 0x45F8EF2: g_realloc_n (gmem.c:450)
==27012== by 0x4628625: g_variant_builder_end (gvariant.c:3581)
==27012== by 0x4629EE2: g_variant_valist_new (gvariant.c:4548)
(and a few more like it)