Home > mailing lists

Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var() - Mailing list pgsql-hackers

From	Piotr Stefaniak
Subject	Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var()
Date	August 1, 2015 22:28:22
Msg-id	BLU436-SMTP188F5D8FF21E1CB990D441DF2890@phx.gbl Whole thread Raw
Responses	Re: Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var() (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Hello,

these two queries will make the assertions below fail:
SELECT STDDEV(0.0);
SELECT 0.0 * 0;

diff --git a/src/backend/utils/adt/numeric.c 
b/src/backend/utils/adt/numeric.c
index 7ce41b7..6e642d8 100644
--- a/src/backend/utils/adt/numeric.c
+++ b/src/backend/utils/adt/numeric.c
@@ -4769,6 +4769,7 @@ set_var_from_var(NumericVar *value, NumericVar *dest)
        newbuf = digitbuf_alloc(value->ndigits + 1);        newbuf[0] = 0;                          /* spare digit for

rounding */
+       Assert(value->digits != NULL);        memcpy(newbuf + 1, value->digits, value->ndigits * 
sizeof(NumericDigit));
        digitbuf_free(dest->buf);
@@ -5090,6 +5091,7 @@ make_result(NumericVar *var)                result->choice.n_long.n_weight = weight;        }

+       Assert(digits != NULL);        memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit));
Assert(NUMERIC_NDIGITS(result)== n);

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 01 August 2015, 22:01:38
Subject: Re: pg_rewind failure by file deletion in source server

From: Peter Geoghegan
Date: 01 August 2015, 23:24:57
Subject: Re: Cleaning up missing ERRCODE assignments

Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var() - Mailing list pgsql-hackers

Previous

Next