| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Michael Mueller <mmueller(at)vigilantsw(dot)com>, Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Potential NULL dereference found in typecmds.c |
| Date: | 2011-07-04 12:53:06 |
| Message-ID: | CABUevExJoAwFEzUg1schREYJeP98oUT7ftRZrh7oLp6i17s2vw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, Jul 2, 2011 at 20:10, Michael Mueller <mmueller(at)vigilantsw(dot)com> wrote:
> Hi folks,
>
> Sentry found this error last night, and it looks serious enough to
> report. The error was introduced in commit 426cafc. Here's the code
> in question, starting at line 2096:
>
> if (!found)
> {
> con = NULL; /* keep compiler quiet */
> ereport(ERROR,
> (errcode(ERRCODE_UNDEFINED_OBJECT),
> errmsg("constraint \"%s\" of domain \"%s\" does not exist",
> constrName, NameStr(con->conname))));
> }
>
> It sets 'con' to NULL and then in the next statement, dereferences it.
> I'm not sure if it's possible to reach this path, but if it is
> reachable it will cause a crash.
This code is no longer present in git head, *removed* by commit
426cafc. Not added by it. at least that's how I read the history...
However, it still looks to me like we could get to that code with
con=NULL - if the while loop is never executed. Perhaps this is a
can-never-happen situation? Alvaro?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2011-07-04 13:07:30 | Re: Potential NULL dereference found in typecmds.c |
| Previous Message | Shigeru Hanada | 2011-07-04 12:03:22 | Re: per-column generic option |