Re: BUG #19092: scram_free() will free on address which was not malloc()-ed in pg_scram_mech
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
Cc: 13952878799@163.com, pgsql-bugs@lists.postgresql.org
Date: 2025-10-21T15:06:19Z
Lists: pgsql-bugs
Daniel Gustafsson <daniel@yesql.se> writes: >> On 21 Oct 2025, at 09:43, PG Bug reporting form <noreply@postgresql.org> wrote: >> The issue is about the only implementation of pg_fe_sasl_mech interface: >> pg_scram_mech. In the init func of pg_scram_mech, the variable >> state->password is assigned by variable prep_password, which is prepared in >> function pg_saslprep(). However, pg_saslprep() will use palloc/pfree or >> malloc/free determined by FRONTEND > Mixing frontend and backend code like that seems to register somewhere on the > "break it and you get to keep both pieces" scale. We'd really need to see a concrete example to decide whether this is a PG bug or user error. I think the SASL stuff is sufficiently poorly tested that it could be a previously-unknown PG bug, but it's not clear. So: test case, please. >> This issue occurred when I was attempting to make a connection to Backend >> via libpq interfaces in Backend itself. > You tried to open a new database connection from a backend by embedding a libpq > client into the backend? postgres_fdw and dblink both do that. The operation is ticklish enough that we've developed some common infrastructure, which maybe you should be using: see src/include/libpq/libpq-be-fe.h and src/include/libpq/libpq-be-fe-helpers.h. regards, tom lane