From 4dfb30a45b767994c074bbfcbb8494b8ada19b33 Mon Sep 17 00:00:00 2001
From: hvlad
Date: Sat, 23 Jan 2021 14:25:21 +0200
Subject: [PATCH] Fixed bug CORE-6475 : Memory leak when running EXECUTE STATEMENT with named parameters Also, added check for parameter name length not exceeding MAX_SQL_IDENTIFIER_LEN (it is anyway limited at the SQL\BLR parsers level).
---
 src/jrd/extds/ExtDS.cpp | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/jrd/extds/ExtDS.cpp b/src/jrd/extds/ExtDS.cpp
index 74721d4053..e45b5f363a 100644
--- a/src/jrd/extds/ExtDS.cpp
+++ b/src/jrd/extds/ExtDS.cpp
@@ -2104,14 +2104,19 @@ void Statement::preprocess(const string& sql, string& ret)
 // hvlad: TODO check quoted param names
 ident.assign(start + 1, p - start - 1);
 if (tok == ttIdent)
+ {
+ if (ident.length() > MAX_SQL_IDENTIFIER_LEN)
+ ERR_post(Arg::Gds(isc_eds_preprocess) <<
+ Arg::Gds(isc_dyn_name_longer) <<
+ Arg::Gds(isc_random) << Arg::Str(ident));
+
 ident.upper();
+ }
 FB_SIZE_T n = 0;
- if (!m_sqlParamNames.find(ident.c_str(), n))
- {
- MetaString* pName = FB_NEW_POOL(getPool()) MetaString(getPool(), ident);
- n = m_sqlParamNames.add(*pName);
- }
+ MetaString name(ident);
+ if (!m_sqlParamNames.find(name, n))
+ n = m_sqlParamNames.add(name);
 m_sqlParamsMap.add(&m_sqlParamNames[n]);
 }
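Review bot: The new length guard sits inside `if (tok == ttIdent)`, so a parameter name that arrives with any other token type reaches `MetaString name(ident)` unchecked; the `TODO check quoted param names` comment just above suggests quoted names are such a path. What MetaString does with an over-long string is not visible in this hunk: if it truncates silently, two distinct long names could resolve to the same entry in `m_sqlParamNames` and bind to the same parameter slot. Moving `if (ident.length() > MAX_SQL_IDENTIFIER_LEN)` and its `ERR_post(...)` above the `if (tok == ttIdent)` test, leaving only `ident.upper();` conditional, would cover both paths. Statement::preprocess starts and ends outside the hunk, so the tokenizer may already bound the length before this point; if it does, a short comment saying so next to the check would help.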