Thread

  1. Re: Fix mismatched deallocation functions

    Zsolt Parragi <zsolt.parragi@percona.com> — 2026-05-07T22:00:54Z

    Hello!
    
    There are many cases missed by the script, for example:
    
    tab-complete.in.c:7089:
    
    `previous_words = pg_malloc_array(char *, point);`
    
    tab-complete.in.c:6364:
    
    `completion_ref_object = pg_strdup(word);`
    
    tab-complete.in.c:7090:
    
    `*buffer = (char *) pg_malloc(point * 2);`
    
    There's also completion_ref_schema, which is an out parameter of
    parse_identifier, still freed in the patch.
    
    The strtokx change in stringutils.c is also strange - the patch
    converts one free at line 96, and leaves the same free a few lines
    above at line 73 as is.
    
    > I generated the patch with the help of Coccinelle[0]. I'm no expert with
    > Coccinelle, but it seemed like a good candidate to get this refactor
    > done. You can run the attached script in your tree with the following
    > command:
    
    If I had to do it, I would try to approach this with static analysis
    tools instead: a custom rule that enforces attribute declarations for
    return values / output parameters allocated by pg_malloc and similar
    functions. Without attributes everywhere, these checks will never be
    complete because tools won't be able to fully reason about cross
    source file call paths.
    For example, clang-tidy even has an auto fix mode that could apply
    these attributes automatically.
    
    With the attributes in place, we would automatically receive warnings
    for every incorrect free attribute, which a tool could then
    automatically fix.
    
    If we want to avoid generating noise by placing attributes everywhere
    in the source (I'm not sure how noisy that would be), that part could
    be a specialized CI run instead, since the transformation itself can
    be automated.
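As an added illustration, not part of the message above and not PostgreSQL code: one form the attribute approach can take, assuming GCC 11 or later, whose `malloc(deallocator)` attribute drives `-Wmismatched-dealloc`. The `demo_*` functions and the `DEMO_ALLOCATES` macro are hypothetical stand-ins for `pg_malloc`, `pg_strdup` and `pg_free`.

```c
#include <stdlib.h>
#include <string.h>

/* GCC 11+ accepts malloc(deallocator, arg-index); elsewhere this is a no-op. */
#if defined(__GNUC__) && !defined(__clang__) && __GNUC__ >= 11
#define DEMO_ALLOCATES(dealloc) __attribute__((malloc(dealloc, 1)))
#else
#define DEMO_ALLOCATES(dealloc)
#endif

/* Hypothetical allocator family; the deallocator must be declared first. */
void demo_free(void *ptr);
DEMO_ALLOCATES(demo_free) void *demo_malloc(size_t size);
DEMO_ALLOCATES(demo_free) char *demo_strdup(const char *s);

static long demo_live = 0;      /* outstanding allocations, for the self-check */

void *demo_malloc(size_t size)
{
    void *p = malloc(size ? size : 1);
    if (p == NULL)
        abort();                /* this demo aborts instead of returning NULL */
    demo_live++;
    return p;
}

char *demo_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = demo_malloc(n);
    memcpy(copy, s, n);
    return copy;
}

void demo_free(void *ptr)
{
    if (ptr != NULL) { demo_live--; free(ptr); }
}

/* Returns 1 when the copy matched and nothing is left allocated. */
long demo_roundtrip(const char *word)
{
    char *ref = demo_strdup(word);
    long ok = (strcmp(ref, word) == 0);
#ifdef DEMO_SHOW_MISMATCH
    free(ref);                  /* GCC reports -Wmismatched-dealloc here */
    demo_live--;
#else
    demo_free(ref);             /* matches the attribute, no diagnostic */
#endif
    return ok && demo_live == 0;
}
```

Building with `-DDEMO_SHOW_MISMATCH` on GCC 11 or later shows the diagnostic at the plain `free` call. GCC's attribute describes only a function's return value, so an allocation handed back through an out parameter needs a different annotation or check.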