From 7aa066f11d24d500ae103fd532d85fc39311e2b1 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 18 Apr 2005 17:11:05 +0000
Subject: [PATCH] record_in and record_recv must be careful to return a
 separately pfree'able result, since some callers expect to be able to pfree
 the result of a pass-by-reference function.  Per report from Chris Trawick.

---
 src/backend/utils/adt/rowtypes.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/backend/utils/adt/rowtypes.c b/src/backend/utils/adt/rowtypes.c
index 32c1f381f6..79f04a124e 100644
--- a/src/backend/utils/adt/rowtypes.c
+++ b/src/backend/utils/adt/rowtypes.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/adt/rowtypes.c,v 1.8 2004/12/31 22:01:22 pgsql Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/adt/rowtypes.c,v 1.9 2005/04/18 17:11:05 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -54,6 +54,7 @@ record_in(PG_FUNCTION_ARGS)
 {
 	char	   *string = PG_GETARG_CSTRING(0);
 	Oid			tupType = PG_GETARG_OID(1);
+	HeapTupleHeader result;
 	int32		tupTypmod;
 	TupleDesc	tupdesc;
 	HeapTuple	tuple;
@@ -244,11 +245,20 @@ record_in(PG_FUNCTION_ARGS)
 
 	tuple = heap_formtuple(tupdesc, values, nulls);
 
+	/*
+	 * We cannot return tuple->t_data because heap_formtuple allocates it
+	 * as part of a larger chunk, and our caller may expect to be able to
+	 * pfree our result.  So must copy the info into a new palloc chunk.
+	 */
+	result = (HeapTupleHeader) palloc(tuple->t_len);
+	memcpy(result, tuple->t_data, tuple->t_len);
+
+	heap_freetuple(tuple);
 	pfree(buf.data);
 	pfree(values);
 	pfree(nulls);
 
-	PG_RETURN_HEAPTUPLEHEADER(tuple->t_data);
+	PG_RETURN_HEAPTUPLEHEADER(result);
 }
 
 /*
@@ -419,6 +429,7 @@ record_recv(PG_FUNCTION_ARGS)
 {
 	StringInfo	buf = (StringInfo) PG_GETARG_POINTER(0);
 	Oid			tupType = PG_GETARG_OID(1);
+	HeapTupleHeader result;
 	int32		tupTypmod;
 	TupleDesc	tupdesc;
 	HeapTuple	tuple;
@@ -580,10 +591,19 @@ record_recv(PG_FUNCTION_ARGS)
 
 	tuple = heap_formtuple(tupdesc, values, nulls);
 
+	/*
+	 * We cannot return tuple->t_data because heap_formtuple allocates it
+	 * as part of a larger chunk, and our caller may expect to be able to
+	 * pfree our result.  So must copy the info into a new palloc chunk.
+	 */
+	result = (HeapTupleHeader) palloc(tuple->t_len);
+	memcpy(result, tuple->t_data, tuple->t_len);
+
+	heap_freetuple(tuple);
 	pfree(values);
 	pfree(nulls);
 
-	PG_RETURN_HEAPTUPLEHEADER(tuple->t_data);
+	PG_RETURN_HEAPTUPLEHEADER(result);
 }
 
 /*