From a665798c57207e35eee9b106b0da3dab4e1964a3 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut
Date: Tue, 5 Dec 2017 14:14:55 -0500
Subject: [PATCH] PL/Python: Fix potential NULL pointer dereference

After d0aa965c0a0ac2ff7906ae1b1dad50a7952efa56, one error path in PLy_spi_execute_fetch_result() could result in the variable "result" being dereferenced after being set to NULL. Put a conditional around that to fix that. Also add another SPI_freetuptable() call so that that is cleared in all error paths. discovered by John Naylor via scan-build
---
 src/pl/plpython/plpy_spi.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/pl/plpython/plpy_spi.c b/src/pl/plpython/plpy_spi.c
index ade27f3924..39d1c92fc4 100644
--- a/src/pl/plpython/plpy_spi.c
+++ b/src/pl/plpython/plpy_spi.c
@@ -361,7 +361,10 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, uint64 rows, int status)
 result = (PLyResultObject *) PLy_result_new();
 if (!result)
+ {
+ SPI_freetuptable(tuptable);
 return NULL;
+ }
 Py_DECREF(result->status);
 result->status = PyInt_FromLong(status);
@@ -440,9 +443,12 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, uint64 rows, int status)
 * possible, to minimize the number of ways the tupdesc could get
 * leaked due to errors.)
 */
- oldcontext2 = MemoryContextSwitchTo(TopMemoryContext);
- result->tupdesc = CreateTupleDescCopy(tuptable->tupdesc);
- MemoryContextSwitchTo(oldcontext2);
+ if (result)
+ {
+ oldcontext2 = MemoryContextSwitchTo(TopMemoryContext);
+ result->tupdesc = CreateTupleDescCopy(tuptable->tupdesc);
+ MemoryContextSwitchTo(oldcontext2);
+ }
 }
 PG_CATCH();
 {
--
2.15.0
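Review bot: The two context lines right after the new block in the first hunk release the old `result->status` and then store the return value of `PyInt_FromLong(status)` without checking it, so an allocation failure there leaves `result->status` NULL. That is the same kind of error-path gap this commit closes for `PLy_result_new()`. I would create the new value first, `PyObject *st = PyInt_FromLong(status);`, and on failure bail out with `if (!st) { Py_DECREF(result); SPI_freetuptable(tuptable); return NULL; }` before swapping it in. Whether a NULL status is dereferenced later depends on code outside this hunk; the function body starts and ends outside it.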
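Review bot: The new `if (result)` guard in the second hunk carries no comment saying why `result` can be NULL here, and the comment block just above it still reads as if the tupdesc is always saved. I would add a line directly above the guard such as `/* result is NULL if an earlier error path in this block released it; there is nothing to attach the tupdesc to */`. The PG_CATCH() block opened at the end of the hunk continues outside it; if it releases `result`, it should tolerate NULL as well (for example with `Py_XDECREF`), which cannot be confirmed from the visible lines.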