Avoid double-free in vacuumlo error path.

The code would do "PQclear(res)" twice if lo_unlink failed, evidently due to careless thinking about how far out a "break" would break. Remove the extra PQclear and adjust the loop logic so that we'll fall out of both levels of loop after an error, as was clearly the intent. Spotted by Coverity. I have no idea why it took this long to notice, since the bug has been there since commit 67ccbb080. Accordingly, back-patch to all supported branches.
author: Tom Lane <tgl@sss.pgh.pa.us> 2019-03-24 15:13:21 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2019-03-24 15:13:21 -0400
commit: 9264888225ac4dabf399f06775073e14c38a87f7 (patch)
tree: bfb882133c2521231dfb55647d5b7b259f702427
parent: f8a69a68a08715ab5101a9a5eed4e08ba0b3946b (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c
index 8f150273854..fd8dce5666b 100644
--- a/contrib/vacuumlo/vacuumlo.c
+++ b/contrib/vacuumlo/vacuumlo.c
@@ -311,7 +311,7 @@ vacuumlo(const char *database, const struct _param * param)
 
 	deleted = 0;
 
-	while (1)
+	do
 	{
 		res = PQexec(conn, buf);
 		if (PQresultStatus(res) != PGRES_TUPLES_OK)
@@ -349,8 +349,7 @@ vacuumlo(const char *database, const struct _param * param)
 					if (PQtransactionStatus(conn) == PQTRANS_INERROR)
 					{
 						success = false;
-						PQclear(res);
-						break;
+						break;	/* out of inner for-loop */
 					}
 				}
 				else
@@ -388,7 +387,7 @@ vacuumlo(const char *database, const struct _param * param)
 		}
 
 		PQclear(res);
-	}
+	} while (success);
 
 	/*
 	 * That's all folks!
author	Tom Lane <tgl@sss.pgh.pa.us>	2019-03-24 15:13:21 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2019-03-24 15:13:21 -0400
commit	9264888225ac4dabf399f06775073e14c38a87f7 (patch)
tree	bfb882133c2521231dfb55647d5b7b259f702427
parent	f8a69a68a08715ab5101a9a5eed4e08ba0b3946b (diff)