| From: | Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | bianpan2016(at)163(dot)com, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #14927: Unchecked SearchSysCache1() return value |
| Date: | 2017-11-27 10:20:51 |
| Message-ID: | ca5461f9-1d9b-dd89-2c58-cd6202cfdb5d@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 2017/11/27 18:01, bianpan2016(at)163(dot)com wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14927
> Logged by: Pan Bian
> Email address: bianpan2016(at)163(dot)com
> PostgreSQL version: 10.1
> Operating system: Linux
> Description:
>
> File: postgresql-10.1/src/backend/catalog/heap.c
> Function: heap_drop_with_catalog
> Line: 1771
>
> Function SearchSysCache1() may return a NULL pointer, but in
> heap_drop_with_catalog(), its return value is not validated before it is
> dereferenced. To avoid NULL dereference, it is better to check the return
> value of SearchSysCache1() against NULL.
>
> For your convenience, I paste related codes as follows:
>
> 1771 tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
> 1772 if (((Form_pg_class) GETSTRUCT(tuple))->relispartition)
> 1773 {
> 1774 parentOid = get_partition_parent(relid);
> 1775 LockRelationOid(parentOid, AccessExclusiveLock);
> 1776 }
> 1777
> 1778 ReleaseSysCache(tuple);
Thanks for the report. Attached a patch that adds a check that tuple is
valid before trying to dereference it.
Thanks,
Amit
| Attachment | Content-Type | Size |
|---|---|---|
| syscache-check-tuple-heap.patch | text/plain | 1.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Langote | 2017-11-27 10:21:32 | Re: BUG #14928: Unchecked SearchSysCacheCopy1() return value |
| Previous Message | bianpan2016 | 2017-11-27 09:53:39 | BUG #14931: Unchecked attnum value in ATExecAlterColumnType() |