From d14b591207b3519830c874356407ac84ef2dbdfa Mon Sep 17 00:00:00 2001
From: Dan Dees
Date: Tue, 6 Jan 2026 16:22:12 +0700
Subject: [PATCH] Fixed: ASan heap-use-after-free in Statement/Rsr ownership

Clear rsr_self before Statement::statement member becomes invalid. The Rsr::rsr_self pointer was left dangling when Statement was freed before the Rsr, causing use-after-free when Rsr destructor accessed it. Added Statement destructor and explicit clear in freeClientData.

---
 src/remote/client/interface.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/remote/client/interface.cpp b/src/remote/client/interface.cpp
index fc4b6d739ac..a519f575d83 100644
--- a/src/remote/client/interface.cpp
+++ b/src/remote/client/interface.cpp
@@ -739,6 +739,12 @@ class Statement final : public RefCntIfacersr_self = NULL; + } + StatementMetadata metadata; Attachment* remAtt; Rsr* statement;
@@ -4278,6 +4284,8 @@ void Statement::freeClientData(CheckStatusWrapper* status, bool force)
 clear_queue(rdb->rdb_port);
 REMOTE_reset_statement(statement);
 }
+ if (statement)
+ statement->rsr_self = NULL;
 statement = NULL;
 }
 catch (const Exception& ex)
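Review bot: The new `statement->rsr_self = NULL;` in freeClientData has no comment, and nothing at the call site says why it must run before `statement = NULL;`; the reason given in the commit message (the Rsr can outlive this Statement and its destructor reads rsr_self) belongs in the code, e.g. `// Rsr may outlive this Statement; drop its back-pointer so Rsr's destructor never dereferences a freed Statement` above the added `if`. The same clear is duplicated in the new ~Statement() in the first hunk (whose added lines are partly garbled in this view); if freeClientData performs the clear under the port's mutex, as the surrounding `clear_queue`/`REMOTE_reset_statement` calls suggest but the hunk does not show, the destructor path clears rsr_self without that lock, so confirm no other thread can still read rsr_self while a Statement is being destroyed. A one-line comment on the destructor pointing to freeClientData as the normal path would also make the two sites easier to keep in sync. The body of freeClientData starts and ends outside the hunk.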