Re: BUG #18845: DEREF_OF_NULL.RET guc_malloc possibly returns NULL

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pm91(dot)arapov(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #18845: DEREF_OF_NULL.RET guc_malloc possibly returns NULL
Date: 2025-03-14 22:10:27
Message-ID: E132D362-A669-4606-AFE1-B45C9DFCC141@yesql.se
Lists: pgsql-bugs

> On 14 Mar 2025, at 15:04, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Daniel Gustafsson <daniel(at)yesql(dot)se> writes:
>> Why would we want FATAL here? Wouldn't it be better to return false like how
>> other check_ functions already do?
>
> Indeed. Also, a quick survey shows a lot of inconsistency in
> guc_malloc callers --- some are lazy and just use ERROR rather
> than LOG-and-return. That's probably all right for PGC_POSTMASTER
> variables (since there's no chance of continuing anyway) but
> perhaps it's worth improving elsewhere.

Turns out there was one more guc_malloc(LOG.. which didn't inspect the
returned allocation in check_synchronized_standby_slots. On top of that there
were a few non-PGC_POSTMASTER check functions that could return false and let
the GUC machinery handle it if we want to be consistent.

The fix for check_createrole_self_grant should go down to v16 and the fix for
check_synchronized_standby_slots down to 17, the other ones aren't bugs today
so that would be a changed behaviour in backbranches.

--
Daniel Gustafsson

Attachment Content-Type Size
v1-0001-Fix-guc_malloc-calls-to-check-for-OOM-and-return-.patch application/octet-stream 4.6 KB
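
The pattern discussed in this message, as an added example that is not part of the original e-mail, the attached patch, or PostgreSQL's source: a check function that allocates through a LOG-style allocator must test the result and return false. Every `model_`/`Model` name and the `fail_next_alloc` switch are hypothetical stand-ins constructed for this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed failure switch: makes the next allocation fail once. */
static bool fail_next_alloc = false;

/* Stand-in for an allocator called at a LOG-style level: on failure it
 * returns NULL to the caller instead of aborting the operation. */
static void *model_log_malloc(size_t size)
{
    if (fail_next_alloc)
    {
        fail_next_alloc = false;
        return NULL;
    }
    return malloc(size);
}

/* Hypothetical parsed form of a setting, handed back through *extra. */
typedef struct ModelExtra
{
    size_t len;
    char   value[];
} ModelExtra;

/* Check function in the "return false" style: on allocation failure it
 * rejects the new value and leaves *extra untouched. */
static bool model_check_hook(const char *newval, void **extra)
{
    size_t      len = strlen(newval);
    ModelExtra *parsed = model_log_malloc(sizeof(ModelExtra) + len + 1);

    if (parsed == NULL)
        return false;   /* without this test the writes below hit NULL */
    parsed->len = len;
    memcpy(parsed->value, newval, len + 1);
    *extra = parsed;
    return true;
}

/* True when a forced allocation failure is rejected without side effects. */
static bool model_rejects_on_oom(void)
{
    void *extra = NULL;

    fail_next_alloc = true;
    return !model_check_hook("standby_a", &extra) && extra == NULL;
}

int main(void) { return model_rejects_on_oom() ? 0 : 1; }
```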
