BUG#36702939: connection_cext has a memory leak in the python mysql-connector

oscpache · oscpache · commit 586652ad14b2 · 2024-12-16T11:46:37.000-06:00
With this patch, the connection API command `get_rows()`
of the C-extension implementation stops leaking memory
when working with and without prepared statements.

Change-Id: I7251eb19c9901c56694dd38d8a8c19885cd5f24b
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -14,6 +14,7 @@ v9.2.0
 - WL#16381: Add support for read and write timeouts
 - WL#16285: Remake Multi Statement Execution
 - BUG#37145655: MySQL Connector/Python Configuration Files RCE
+- BUG#36702939: connection_cext has a memory leak in the python mysql-connector
 - BUG#36922645: Option `connection_timeout` is overwritten and works as "query" timeout instead
 - BUG#36126909: "Unread result found" exception/bad MySQLCursor.statement when query text contains code comments
 - BUG#35810050: Executing multiple statements fails when importing Sakila
diff --git a/mysql-connector-python/src/mysql_capi.c b/mysql-connector-python/src/mysql_capi.c
@@ -2797,11 +2797,18 @@ MySQL_fetch_row(MySQL *self)
             else {
                 if (field_flags & SET_FLAG) {
                     if (!strlen(row[i])) {
+                        Py_XDECREF(value);
                         value = PySet_New(NULL);
                     }
                     else {
-                        value =
-                            PySet_New(PyUnicode_Split(value, PyUnicode_FromString(","), -1));
+                        PyObject *sep = PyUnicode_FromString(",");
+                        PyObject *iterable = PyUnicode_Split(value, sep, -1);
+
+                        Py_XDECREF(value);
+                        value = PySet_New(iterable);
+
+                        Py_XDECREF(sep);
+                        Py_XDECREF(iterable);
                     }
                     if (!value) {
                         goto error;
@@ -3764,6 +3771,7 @@ MySQLPrepStmt_fetch_row(MySQLPrepStmt *self)
                     }
                     Py_XDECREF(mod_decimal);
                 }
+                Py_XDECREF(obj);
                 break;
             /* MYSQL_TYPE_CHAR, MYSQL_TYPE_VARCHAR, MYSQL_TYPE_STRING, */
             /* MYSQL_TYPE_VAR_STRING, MYSQL_TYPE_GEOMETRY, MYSQL_TYPE_BLOB */
@@ -3788,7 +3796,7 @@ MySQLPrepStmt_fetch_row(MySQLPrepStmt *self)
                     }
 
                     for (token = strtok_r(PyBytes_AsString(obj), ",", &rest); token != NULL;
-                         token = strtok_r(NULL, ",", &rest)) {
+                        token = strtok_r(NULL, ",", &rest)) {
                         PyObject *us = PyUnicode_FromString(token);
                         PySet_Add(set, us);
                         Py_DECREF(us);
