From: Shruthi Gowda
Date: Mon, 8 Dec 2025 21:08:56 +0530
Subject: [BUG] CRASH: ECPGprepared_statement() and ECPGdeallocate_all() when connection is NULL
To: PostgreSQL Development

Hi,

The ECPG application crashes with a segmentation fault when calling specific deallocation or prepared statement functions without an established database connection. This is caused by a missing NULL check on the connection handle before attempting to access it.

The issue is reproducible on the MASTER branch and affects older versions up to v13.

The issue can be reproduced by modifying existing test cases, such as src/interfaces/ecpg/test/sql/execute.pgc or src/interfaces/ecpg/test/sql/desc.pgc. The general method is to skip the EXEC SQL CONNECT statement (or intentionally force the connection to fail).

To specifically isolate the crash in ECPGdeallocate_all() and prevent the program from hitting the ECPGprepared_statement() crash first, modify the desc.pgc test file by moving the EXEC SQL DEALLOCATE ALL statement to an earlier point.

*Seg fault in ECPGprepared_statement():*

[434574]: ECPGdebug: set to 1
[434574]: ECPGconnect: opening database ecpg1_regression on <DEFAULT> port <DEFAULT>
[434574]: ECPGconnect: connection to server on socket "/tmp/.s.PGSQL.5444" failed: FATAL:  database "ecpg1_regression" does not exist
[434574]: ecpg_finish: connection main closed
[434574]: raising sqlcode -402 on line 24: could not connect to database "ecpg1_regression" on line 24
SQL error: could not connect to database "ecpg1_regression" on line 24
[434574]: raising sqlcode -220 on line 25: connection "NULL" does not exist on line 25
SQL error: connection "NULL" does not exist on line 25
[434574]: raising sqlcode -220 on line 26: connection "NULL" does not exist on line 26
SQL error: connection "NULL" does not exist on line 26
[434574]: raising sqlcode -220 on line 29: connection "NULL" does not exist on line 29
SQL error: connection "NULL" does not exist on line 29
[434574]: raising sqlcode -220 on line 32: connection "NULL" does not exist on line 32
SQL error: connection "NULL" does not exist on line 32
[434574]: raising sqlcode -220 on line 35: connection "NULL" does not exist on line 35
SQL error: connection "NULL" does not exist on line 35
Inserted 0 tuples via execute immediate
[434574]: raising sqlcode -220 on line 40: connection "NULL" does not exist on line 40
SQL error: connection "NULL" does not exist on line 40
[434574]: raising sqlcode -220 on line 41: connection "NULL" does not exist on line 41
SQL error: connection "NULL" does not exist on line 41
Inserted 0 tuples via prepared execute
[434574]: raising sqlcode -220 on line 45: connection "NULL" does not exist on line 45
SQL error: connection "NULL" does not exist on line 45
[434574]: raising sqlcode -220 on line 49: connection "NULL" does not exist on line 49
SQL error: connection "NULL" does not exist on line 49

Program received signal SIGSEGV, Segmentation fault.
0x0000fffff7f92654 in ecpg_find_prepared_statement (name=0xaaaaaaaa1aa8 "f", con=0x0, prev_=0x0) at prepare.c:277
277             for (this = con->prep_stmts, prev = NULL;
(gdb) bt
#0  0x0000fffff7f92654 in ecpg_find_prepared_statement (name=0xaaaaaaaa1aa8 "f", con=0x0, prev_=0x0) at prepare.c:277
#1  0x0000fffff7f92aa8 in ecpg_prepared (name=0xaaaaaaaa1aa8 "f", con=0x0) at prepare.c:393
#2  0x0000fffff7f92afc in ECPGprepared_statement (connection_name=0x0, name=0xaaaaaaaa1aa8 "f", lineno=53)
    at prepare.c:404
#3  0x0000aaaaaaaa0f74 in main () at /home/shrkc/work/postgres/inst/bin/execute.pgc:52

*Seg fault in ECPGdeallocate_all():*

Program received signal SIGSEGV, Segmentation fault.
0x0000fffff7f92a2c in ecpg_deallocate_all_conn (lineno=25, c=ECPG_COMPAT_PGSQL, con=0x0) at prepare.c:372
372             while (con->prep_stmts)
(gdb) bt
#0  0x0000fffff7f92a2c in ecpg_deallocate_all_conn (lineno=25, c=ECPG_COMPAT_PGSQL, con=0x0) at prepare.c:372
#1  0x0000fffff7f92a78 in ECPGdeallocate_all (lineno=25, compat=0, connection_name=0x0) at prepare.c:384
#2  0x0000aaaaaaaa0e60 in main () at /home/shrkc/work/postgres/inst/bin/desc.pgc:25

Please find the proposed patch attached below for your review.

Thanks & Regards,

Shruthi K C

EnterpriseDB: http://www.enterprisedb.com
Attachment: v1-0001-Fix-Add-connection-validation-to-ECPGdeallocate_a.patch
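
The kind of guard this report asks for, as an added example that is not part of the original message or of the attached patch: a simplified C model in which each entry point checks the connection handle before touching `prep_stmts`. All `model_*` names, the two structs, `current_conn` and `last_sqlcode` are hypothetical; -220 is the sqlcode shown in the log for a missing connection.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model: every name here is hypothetical, not ecpglib's own code. */
#define MODEL_NO_CONN (-220)    /* sqlcode seen in the log for a missing connection */

struct stmt { const char *name; const char *text; struct stmt *next; };
struct conn { const char *name; struct stmt *prep_stmts; };

static struct conn *current_conn = NULL;    /* NULL: CONNECT skipped or failed */
static int last_sqlcode = 0;

/* Look up the handle once and record an error instead of passing NULL on. */
static struct conn *model_require_connection(const char *connection_name)
{
    (void) connection_name;     /* the model keeps a single, default connection */
    last_sqlcode = current_conn ? 0 : MODEL_NO_CONN;
    return current_conn;
}

/* Guarded "DEALLOCATE ALL": returns false, not SIGSEGV, when disconnected. */
bool model_deallocate_all(const char *connection_name)
{
    struct conn *con = model_require_connection(connection_name);
    if (con == NULL)
        return false;
    while (con->prep_stmts)     /* safe: con was checked above */
    {
        struct stmt *s = con->prep_stmts;
        con->prep_stmts = s->next;
        free(s);
    }
    return true;
}

/* Guarded statement lookup: NULL when disconnected or the name is unknown. */
const char *model_prepared_statement(const char *connection_name, const char *name)
{
    struct conn *con = model_require_connection(connection_name);
    if (con == NULL)
        return NULL;
    for (struct stmt *s = con->prep_stmts; s != NULL; s = s->next)
        if (strcmp(s->name, name) == 0)
            return s->text;
    return NULL;
}

int main(void) { return model_deallocate_all(NULL) ? 1 : 0; }
```

Without the `con == NULL` checks, both functions would read `con->prep_stmts` through a NULL pointer, which is the access shown at frame #0 of each backtrace.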