| From: | Alexander Kuznetsov <kuznetsovam(at)altlinux(dot)org> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, nickel(at)altlinux(dot)org, egori(at)altlinux(dot)org |
| Subject: | Re: Possible null pointer dereference in afterTriggerAddEvent() |
| Date: | 2024-09-24 14:50:59 |
| Message-ID: | e1592981-c38c-49b1-ae30-a4f66e58863b@altlinux.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
is there anything else we can help with or discuss in order to apply this fix?
26.07.2024 12:16, Alexander Kuznetsov пишет:
> 25.07.2024 20:07, Alvaro Herrera wrote:
>> Maybe for sanity (and perhaps for Svace compliance) we could do it the
>> other way around, i.e. by testing events->tail for nullness instead of
>> events->head, then add the assertion:
>>
>> if (events->tail == NULL)
>> {
>> Assert(events->head == NULL);
>> events->head = chunk;
>> }
>> else
>> events->tail->next = chunk;
>>
>> This way, it's not wholly redundant.
> Thanks for your response!
> I agree with the proposed changes and have updated the patch accordingly. Version 2 is attached.
>> That said, I'm not sure we actually *need* to change this.
> I understand and partly agree. But it appears that with these changes, the dereference of a null pointer is impossible even in builds where assertions are disabled. Previously, this issue could theoretically occur. Consequently, these changes slightly enhance overall security.
>
--
Best regards,
Alexander Kuznetsov
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Kuznetsov | 2024-09-24 14:52:32 | Re: Detect buffer underflow in get_th() |
| Previous Message | Nathan Bossart | 2024-09-24 14:48:04 | Re: [PATCH] Support Int64 GUCs |