Re: [PATCH] avoid buffer underflow in errfinish()

From: Xi Wang <xi(dot)wang(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Cc: Xi Wang <xi(dot)wang(at)gmail(dot)com>
Subject: Re: [PATCH] avoid buffer underflow in errfinish()
Date: 2013-03-23 22:45:14
Message-ID: CAKU6vyaQvPYnKbGvVpHtANT9Ru0m_6_xjWkDX1SxWL=_g7XvdQ@mail.gmail.com
Lists: pgsql-hackers

A side question: at src/backend/storage/lmgr/proc.c:1150, is there a
null pointer dereference for `autovac'?

There is a null pointer check `autovac != NULL', but the pointer is
already dereferenced earlier when initializing `autovac_pgxact'. Is
this null pointer check redundant, or should we move the dereference
`autovac->pgprocno' after the check? Thanks.

On Sat, Mar 23, 2013 at 6:38 PM, Xi Wang <xi(dot)wang(at)gmail(dot)com> wrote:
> CHECK_STACK_DEPTH checks if errordata_stack_depth is negative.
> Move the dereference of &errordata[errordata_stack_depth] after
> the check to avoid out-of-bounds read.
> ---
> src/backend/utils/error/elog.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
> index 3a211bf..47a0a8b 100644
> --- a/src/backend/utils/error/elog.c
> +++ b/src/backend/utils/error/elog.c
> @@ -393,13 +393,15 @@ void
> errfinish(int dummy,...)
> {
> ErrorData *edata = &errordata[errordata_stack_depth];
> - int elevel = edata->elevel;
> + int elevel;
> MemoryContext oldcontext;
> ErrorContextCallback *econtext;
>
> recursion_depth++;
> CHECK_STACK_DEPTH();
>
> + elevel = edata->elevel;
> +
> /*
> * Do processing in ErrorContext, which we hope has enough reserved space
> * to report an error.
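
Review bot: the initializer `ErrorData *edata = &errordata[errordata_stack_depth];` at the top of errfinish() stays ahead of CHECK_STACK_DEPTH(), so the address is still computed from a possibly negative index before the check runs; only the `edata->elevel` read has moved. Forming a pointer that lies before the start of an array is already undefined behavior in C, even without a load, and it leaves the code out of step with the commit message, which says the dereference of &errordata[errordata_stack_depth] moves after the check. Suggest declaring `ErrorData *edata;` without an initializer and assigning `edata = &errordata[errordata_stack_depth];` immediately before `elevel = edata->elevel;`, after CHECK_STACK_DEPTH().
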
> --
> 1.7.10.4
>
