Do we have any supported platforms where dereferencing a null pointer
doesn't trigger coredump?
I'm wondering about this after noticing the likely side effects of
fd.c's failure to check for null result from malloc(): it'll try to
strcpy() filenames to location zero. If it succeeds, you could end up
with multiple VFDs sharing the same filename string. Which could lead
to, eg, writing on or even deleting one file under the delusion that
we were writing/deleting another.
With sufficient suspension of disbelief about how long a backend
could run at zero free memory before elog'ing, this might explain
the two recent reports of Postgres apparently deleting a file it
shouldn't have. (I'm not sure I really believe that, but given
the way palloc works it's not out of the question. I've added
appropriate checks to fd.c, just in case.)
AFAIK, null pointer deref -> SIGSEGV is standard behavior on most
platforms these days, and we take steps to select that behavior on
some nonconformists like HPUX. But I'm wondering if there are any
platforms we could select it on and have forgotten to. I think it
would be a real good idea to turn on null pointer crash anywhere
we can.
regards, tom lane
