BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
The following bug has been logged on the website:
Bug reference: 18888
Logged by: Daniel Elishakov
Email address: dan-eli@mail.ru
PostgreSQL version: 17.4
Operating system: Ubuntu 20.04
Description:
On 203 and 313 lines It seems that a struct data type should not be used in
'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be
executed and it is not a problem. However there are no actual checks for
corrrectess of the provided data type. It is required to add a check against
wrong data types supplied by the user.
On Thu, Apr 10, 2025, at 1:39 PM, PG Bug reporting form wrote:
On 203 and 313 lines It seems that a struct data type should not be used in
'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be
executed and it is not a problem. However there are no actual checks for
corrrectess of the provided data type. It is required to add a check against
wrong data types supplied by the user.
Which struct data type? struct variable?
Did you read find_variable()? At the end, it has
if (p == NULL)
mmfatal(PARSE_ERROR, "variable \"%s\" is not declared", name);
return p;
mmfatal() is marked as noreturn so it is not possible that find_variable()
returns NULL. Hence, struct variable *v is always a valid pointer.
If you're directly opening bug reports based on a static analyzer output
without a previous analysis, don't do that. These SATs generally report lots of
false positives. Instead, investigate each report and (if possible) create a
reproducible test case demonstrating that it is a real issue.
--
Euler Taveira
EDB https://www.enterprisedb.com/