Menu
▾
▴
[Firebird-checkins] SF.net SVN: firebird:[60058] firebird/trunk/src/remote
|
From: <ale...@us...> - 2014-09-29 10:51:45
|
Revision: 60058
http://sourceforge.net/p/firebird/code/60058
Author: alexpeshkoff
Date: 2014-09-29 10:51:40 +0000 (Mon, 29 Sep 2014)
Log Message:
-----------
Fixed access to freed memory in remote redirector. This should fix CORE-4557.
Modified Paths:
--------------
firebird/trunk/src/remote/client/interface.cpp
firebird/trunk/src/remote/remote.cpp
firebird/trunk/src/remote/remote.h
Modified: firebird/trunk/src/remote/client/interface.cpp
===================================================================
--- firebird/trunk/src/remote/client/interface.cpp 2014-09-29 01:18:08 UTC (rev 60057)
+++ firebird/trunk/src/remote/client/interface.cpp 2014-09-29 10:51:40 UTC (rev 60058)
@@ -153,7 +153,9 @@
public:
explicit Blob(Rbl* handle)
: blob(handle)
- { }
+ {
+ blob->rbl_self = &blob;
+ }
private:
void freeClientData(IStatus* status, bool force = false);
@@ -201,7 +203,9 @@
Transaction(Rtr* handle, Attachment* a)
: remAtt(a),
transaction(handle)
- { }
+ {
+ transaction->rtr_self = &transaction;
+ }
Rtr* getTransaction()
{
@@ -319,6 +323,7 @@
statement(handle),
dialect(aDialect)
{
+ statement->rsr_self = &statement;
}
Rsr* getStatement()
@@ -382,7 +387,9 @@
public:
Request(Rrq* handle, Attachment* a)
: remAtt(a), rq(handle)
- { }
+ {
+ rq->rrq_self = &rq;
+ }
private:
void freeClientData(IStatus* status, bool force = false);
@@ -414,7 +421,11 @@
virtual void FB_CARG cancel(IStatus* status);
public:
- Events(Rvnt* handle) : rvnt(handle) { }
+ Events(Rvnt* handle)
+ : rvnt(handle)
+ {
+ rvnt->rvnt_self = &rvnt;
+ }
private:
void freeClientData(IStatus* status, bool force = false);
Modified: firebird/trunk/src/remote/remote.cpp
===================================================================
--- firebird/trunk/src/remote/remote.cpp 2014-09-29 01:18:08 UTC (rev 60057)
+++ firebird/trunk/src/remote/remote.cpp 2014-09-29 10:51:40 UTC (rev 60058)
@@ -924,10 +924,6 @@
}
*/
-Rrq::~Rrq()
-{
-}
-
void Rrq::saveStatus(const Firebird::Exception& ex) throw()
{
if (rrqStatus.isSuccess())
Modified: firebird/trunk/src/remote/remote.h
===================================================================
--- firebird/trunk/src/remote/remote.h 2014-09-29 01:18:08 UTC (rev 60057)
+++ firebird/trunk/src/remote/remote.h 2014-09-29 10:51:40 UTC (rev 60058)
@@ -168,14 +168,21 @@
bool rtr_limbo;
Firebird::Array<Rsr*> rtr_cursors;
+ Rtr** rtr_self;
public:
Rtr() :
rtr_rdb(0), rtr_next(0), rtr_blobs(0),
rtr_iface(NULL), rtr_id(0), rtr_limbo(0),
- rtr_cursors(getPool())
+ rtr_cursors(getPool()), rtr_self(NULL)
{ }
+ ~Rtr()
+ {
+ if (rtr_self && *rtr_self == this)
+ *rtr_self = NULL;
+ }
+
static ISC_STATUS badHandle() { return isc_bad_trans_handle; }
};
@@ -197,6 +204,7 @@
USHORT rbl_fragment_length;
USHORT rbl_source_interp; // source interp (for writing)
USHORT rbl_target_interp; // destination interp (for reading)
+ Rbl** rbl_self;
public:
// Values for rbl_flags
@@ -213,9 +221,15 @@
rbl_buffer(rbl_data.getBuffer(BLOB_LENGTH)), rbl_ptr(rbl_buffer), rbl_iface(NULL),
rbl_offset(0), rbl_id(0), rbl_flags(0),
rbl_buffer_length(BLOB_LENGTH), rbl_length(0), rbl_fragment_length(0),
- rbl_source_interp(0), rbl_target_interp(0)
+ rbl_source_interp(0), rbl_target_interp(0), rbl_self(NULL)
{ }
+ ~Rbl()
+ {
+ if (rbl_self && *rbl_self == this)
+ *rbl_self = NULL;
+ }
+
static ISC_STATUS badHandle() { return isc_bad_segstr_handle; }
};
@@ -229,12 +243,19 @@
rem_port* rvnt_port; // used to id server from whence async came
SLONG rvnt_id; // used to store client-side id
USHORT rvnt_length;
+ Rvnt** rvnt_self;
public:
Rvnt() :
rvnt_next(NULL), rvnt_rdb(NULL), rvnt_callback(NULL), rvnt_iface(NULL),
- rvnt_port(NULL), rvnt_id(0), rvnt_length(0)
+ rvnt_port(NULL), rvnt_id(0), rvnt_length(0), rvnt_self(NULL)
{ }
+
+ ~Rvnt()
+ {
+ if (rvnt_self && *rvnt_self == this)
+ *rvnt_self = NULL;
+ }
};
@@ -325,23 +346,29 @@
};
Firebird::Array<rrq_repeat> rrq_rpt;
+ Rrq** rrq_self;
public:
explicit Rrq(FB_SIZE_T rpt) :
rrq_rdb(0), rrq_rtr(0), rrq_next(0), rrq_levels(0),
rrq_iface(NULL), rrq_id(0), rrq_max_msg(0), rrq_level(0),
- rrq_rpt(getPool(), rpt)
+ rrq_rpt(getPool(), rpt), rrq_self(NULL)
{
//memset(rrq_status_vector, 0, sizeof rrq_status_vector);
rrq_rpt.grow(rpt);
}
- ~Rrq();
+ ~Rrq()
+ {
+ if (rrq_self && *rrq_self == this)
+ *rrq_self = NULL;
+ }
Rrq* clone() const
{
Rrq* rc = new Rrq(rrq_rpt.getCount());
*rc = *this;
+ rc->rrq_self = NULL;
return rc;
}
@@ -419,6 +446,7 @@
Firebird::string rsr_cursor_name; // Name for cursor to be set on open
bool rsr_delayed_format; // Out format was delayed on execute, set it on fetch
+ Rsr** rsr_self;
public:
// Values for rsr_flags.
@@ -440,9 +468,15 @@
rsr_format(0), rsr_message(0), rsr_buffer(0), rsr_status(0),
rsr_id(0), rsr_fmt_length(0),
rsr_rows_pending(0), rsr_msgs_waiting(0), rsr_reorder_level(0), rsr_batch_count(0),
- rsr_cursor_name(getPool()), rsr_delayed_format(false)
- { }
+ rsr_cursor_name(getPool()), rsr_delayed_format(false), rsr_self(NULL)
+ { }
+ ~Rsr()
+ {
+ if (rsr_self && *rsr_self == this)
+ *rsr_self = NULL;
+ }
+
void saveException(Firebird::IStatus* status, bool overwrite);
void saveException(const Firebird::Exception& ex, bool overwrite);
void clearException();
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
