From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Richard Guo <guofenglinux(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Fix NULL pointer reference in _outPathTarget() |
Date: | 2022-04-18 18:53:41 |
Message-ID: | 2368593.1650308021@sss.pgh.pa.us |
Lists: | pgsql-hackers |
Richard Guo <guofenglinux(at)gmail(dot)com> writes:
> The array sortgrouprefs[] inside PathTarget might be NULL if we have not
> identified sort/group columns in this tlist. In that case we would have
> a NULL pointer reference in _outPathTarget() when trying to print
> sortgrouprefs[] with WRITE_INDEX_ARRAY as we are using the length of
> PathTarget->exprs as its array length.
I wondered why we'd not noticed this long since, and the answer is that
it got broken relatively recently by bdeb2c4ec, which removed the former
conditionality of the code:
@@ -2510,14 +2517,7 @@ _outPathTarget(StringInfo str, const PathTarget *node)
WRITE_NODE_TYPE("PATHTARGET");
WRITE_NODE_FIELD(exprs);
- if (node->sortgrouprefs)
- {
- int i;
-
- appendStringInfoString(str, " :sortgrouprefs");
- for (i = 0; i < list_length(node->exprs); i++)
- appendStringInfo(str, " %u", node->sortgrouprefs[i]);
- }
+ WRITE_INDEX_ARRAY(sortgrouprefs, list_length(node->exprs));
WRITE_FLOAT_FIELD(cost.startup, "%.2f");
WRITE_FLOAT_FIELD(cost.per_tuple, "%.2f");
WRITE_INT_FIELD(width);
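Review bot: The added line WRITE_INDEX_ARRAY(sortgrouprefs, list_length(node->exprs)) is unconditional, whereas the removed block only wrote :sortgrouprefs inside if (node->sortgrouprefs), so the array is now passed with length list_length(node->exprs) even when the pointer is NULL. Keep the NULL test around the macro call, or make the macro itself tolerate a NULL array, and add a comment that sortgrouprefs is optional so the guard is not dropped again in a later cleanup.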
A semantics-preserving conversion would have looked something like
    if (node->sortgrouprefs)
        WRITE_INDEX_ARRAY(sortgrouprefs, list_length(node->exprs));
I suppose that Peter was trying to remove special cases from the
outfuncs.c code, but do we want to put this one back? Richard's
proposal would not accurately reflect the contents of the data
structure, so I'm not too thrilled with it.
regards, tom lane