Participants
PanBian
PanBian
Amit Langote
Amit Langote
Attachments
Download Latest Patchset
+5-0
Show all attachments
Thread Outline
#1PanBianPanBian
Nov 27, 2017
#2Amit LangoteAmit Langoteto PanBian (#1)
Nov 27, 2017
#3PanBianPanBianto Amit Langote (#2)
Nov 27, 2017

BUG #14927: Unchecked SearchSysCache1() return value

Started by PanBianover 8 years ago3 messagesbugs
Jump to latest
#1PanBian
PanBian
bianpan2016@163.com

The following bug has been logged on the website:

Bug reference: 14927
Logged by: Pan Bian
Email address: bianpan2016@163.com
PostgreSQL version: 10.1
Operating system: Linux
Description:

File: postgresql-10.1/src/backend/catalog/heap.c
Function: heap_drop_with_catalog
Line: 1771

Function SearchSysCache1() may return a NULL pointer, but in
heap_drop_with_catalog(), its return value is not validated before it is
dereferenced. To avoid NULL dereference, it is better to check the return
value of SearchSysCache1() against NULL.

For your convenience, I paste related codes as follows:

1771 tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
1772 if (((Form_pg_class) GETSTRUCT(tuple))->relispartition)
1773 {
1774 parentOid = get_partition_parent(relid);
1775 LockRelationOid(parentOid, AccessExclusiveLock);
1776 }
1777
1778 ReleaseSysCache(tuple);

Thank you!

Pan Bian

#2Amit Langote
Amit Langote
Langote_Amit_f8@lab.ntt.co.jp
In reply to: PanBian (#1)
Re: BUG #14927: Unchecked SearchSysCache1() return value

On 2017/11/27 18:01, bianpan2016@163.com wrote:

The following bug has been logged on the website:

Bug reference: 14927
Logged by: Pan Bian
Email address: bianpan2016@163.com
PostgreSQL version: 10.1
Operating system: Linux
Description:

File: postgresql-10.1/src/backend/catalog/heap.c
Function: heap_drop_with_catalog
Line: 1771

Function SearchSysCache1() may return a NULL pointer, but in
heap_drop_with_catalog(), its return value is not validated before it is
dereferenced. To avoid NULL dereference, it is better to check the return
value of SearchSysCache1() against NULL.

For your convenience, I paste related codes as follows:

1771 tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
1772 if (((Form_pg_class) GETSTRUCT(tuple))->relispartition)
1773 {
1774 parentOid = get_partition_parent(relid);
1775 LockRelationOid(parentOid, AccessExclusiveLock);
1776 }
1777
1778 ReleaseSysCache(tuple);

Thanks for the report. Attached a patch that adds a check that tuple is
valid before trying to dereference it.

Thanks,
Amit

Attachments:

syscache-check-tuple-heap.patchtext/plain; charset=UTF-8; name=syscache-check-tuple-heap.patchDownload+5-0
#3PanBian
PanBian
bianpan2016@163.com
In reply to: Amit Langote (#2)
Re: BUG #14927: Unchecked SearchSysCache1() return value

On Mon, Nov 27, 2017 at 07:20:51PM +0900, Amit Langote wrote:

On 2017/11/27 18:01, bianpan2016@163.com wrote:

The following bug has been logged on the website:

Bug reference: 14927
Logged by: Pan Bian
Email address: bianpan2016@163.com
PostgreSQL version: 10.1
Operating system: Linux
Description:

Thanks for the report. Attached a patch that adds a check that tuple is
valid before trying to dereference it.

Thanks,
Amit

Got it. These patches fixes the bug.

Thanks,
Pan Bian

← Back to Topics