From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Potential pointer dereference in plperl.c (caused by transforms patch) |
Date: | 2015-05-04 05:02:18 |
Message-ID: | CAB7nPqRBCWAXTLw0yBR=BK94cRYXU8TWVxGyYoxautw08OKeXw@mail.gmail.com |
Lists: | pgsql-hackers |
Hi all,
Coverity is pointing out that as argtypes = NULL in
plperl_call_perl_func@plperl.c, we will have a pointer dereference if
desc->arg_arraytype[i] is not a valid OID, see here:
+ Oid *argtypes = NULL;
[...]
+ if (fcinfo->flinfo->fn_oid)
+ get_func_signature(fcinfo->flinfo->fn_oid, &argtypes, &nargs);
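Review bot: the guard `if (fcinfo->flinfo->fn_oid)` tests the OID as a bare integer, while the check further down uses OidIsValid(desc->arg_arraytype[i]); writing it as OidIsValid(fcinfo->flinfo->fn_oid) would keep the two consistent. When the guard is false, argtypes keeps its NULL initializer and nothing at this point says so, so a one-line comment noting that argtypes may remain NULL past here would help the reader of the later use.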
[...]
if (OidIsValid(desc->arg_arraytype[i]))
sv =
plperl_ref_from_pg_array(fcinfo->arg[i], desc->arg_arraytype[i]);
+ else if ((funcid =
get_transform_fromsql(argtypes[i],
current_call_data->prodesc->lang_oid,
current_call_data->prodesc->trftypes)))
+ sv = (SV *)
DatumGetPointer(OidFunctionCall1(funcid, fcinfo->arg[i]));
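Review bot: argtypes[i] in the new else-if branch is read without checking that argtypes was ever filled in. It is initialized to NULL and only assigned by get_func_signature() when fcinfo->flinfo->fn_oid is nonzero, so with an invalid fn_oid and a desc->arg_arraytype[i] that is not a valid OID this branch dereferences NULL. Suggest testing argtypes != NULL (or the validity of fn_oid) as part of the else-if condition before calling get_transform_fromsql(), and skipping the transform lookup when it is not set.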
AFAIK, fcinfo->flinfo->fn_oid can be InvalidOid in this code path, so
shouldn't we protect a bit the code with something like the patch
attached?
Regards,
--
Michael
Attachment | Content-Type | Size |
---|---|---|
20150504_plperl_dereference.patch | text/x-diff | 1.1 KB |