Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rOUZ1-004bLw-Af for pgsql-hackers@arkaria.postgresql.org; Sat, 13 Jan 2024 03:20:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rOUY1-006i0R-BS for pgsql-hackers@arkaria.postgresql.org; Sat, 13 Jan 2024 03:19:01 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rOUY1-006i0J-25 for pgsql-hackers@lists.postgresql.org; Sat, 13 Jan 2024 03:19:01 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rOUXy-001ISD-Mb for pgsql-hackers@postgresql.org; Sat, 13 Jan 2024 03:19:00 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 40D3ItSO856131; Fri, 12 Jan 2024 22:18:55 -0500 From: Tom Lane To: Nathan Bossart cc: Jeff Davis , pgsql-hackers@postgresql.org Subject: Re: Fix minor memory leak in connection string validation In-reply-to: <20240113023705.GA4039878@nathanxps13> References: <066a65233d3cb4ea27a9e0778d2f1d0dc764b222.camel@j-davis.com> <20240113023705.GA4039878@nathanxps13> Comments: In-reply-to Nathan Bossart message dated "Fri, 12 Jan 2024 20:37:05 -0600" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <856129.1705115935.1@sss.pgh.pa.us> Date: Fri, 12 Jan 2024 22:18:55 -0500 Message-ID: <856130.1705115935@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Nathan Bossart writes: > On Fri, Jan 12, 2024 at 03:06:26PM -0800, Jeff Davis wrote: >> It makes me wonder if we should use the resowner mechanism to track >> pointers to malloc'd memory. Then we could use a standard pattern for >> these kinds of cases, and it would also catch more remote issues, like >> if a pstrdup() fails in an error path (which can happen a few lines up >> if the parse fails). > That seems worth exploring. I'm pretty dubious about adding overhead for that, mainly because most of the direct callers of malloc in a backend are going to be code that's not under our control. Modifying the callers that we do control is not going to give a full solution, and could well be outright misleading. > Another option could be to surround this with PG_TRY/PG_FINALLY, but your > patch seems sufficient, too. Yeah, seems fine for now. If that function grows any more complexity then we could think about using PG_TRY. regards, tom lane