From 4f0fb1d26a0de3e7c8d79a3d5a4800f4863cdfdb Mon Sep 17 00:00:00 2001
From: Edward Welbourne
Date: Mon, 21 Jun 2021 12:13:05 +0200
Subject: Fix potential double-free in QSqlCachedResult::cleanup()
If d->sql is non-null, it gets freed; later in the same function, it gets reallocated, unless the query is empty, in which case the now-freed value was still recorded, so that later clean-up might find it and mistakenly think it needs to be freed again. Clear when freeing.
Change-Id: I8d37d2ba1fcaa320916eaf30dceaa720bbf62f38
Reviewed-by: Andy Shaw
(cherry picked from commit 0e1da78ad36a0639275b7a0ac8a046f46577452d)
Reviewed-by: Qt Cherry-pick Bot
---
 src/plugins/sqldrivers/oci/qsql_oci.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/plugins/sqldrivers/oci/qsql_oci.cpp b/src/plugins/sqldrivers/oci/qsql_oci.cpp
index 1ee4e26729..a3be29cb38 100644
--- a/src/plugins/sqldrivers/oci/qsql_oci.cpp
+++ b/src/plugins/sqldrivers/oci/qsql_oci.cpp
@@ -1983,7 +1983,9 @@ bool QOCIResult::prepare(const QString& query)
 if (d->sql) {
 r = OCIHandleFree(d->sql, OCI_HTYPE_STMT);
- if (r != OCI_SUCCESS)
+ if (r == OCI_SUCCESS)
+ d->sql = nullptr;
+ else
 qOraWarning("QOCIResult::prepare: unable to free statement handle:", d->err);
 }
 if (query.isEmpty())
-- 
cgit v1.2.3
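Review bot: In the new `else` branch, `d->sql` keeps its old value when `OCIHandleFree` does not return `OCI_SUCCESS`, so with an empty query the function still returns with a handle of unknown state recorded for later clean-up, which is the situation this commit sets out to close. Whether OCI leaves the handle usable after a failed free is not visible in the hunk; if it does not, the next clean-up would pass a stale pointer to the free call again. Consider clearing the pointer on both paths by placing `d->sql = nullptr;` after the warning as well, accepting a possible leaked handle in exchange for no second free. If keeping the handle on failure is deliberate, a short comment on the `else` stating that the handle remains valid and is retried later would record that assumption. The body of `QOCIResult::prepare` starts and continues outside the hunk, so the reallocation path was not reviewed.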