Potential pointer dereference in plperl.c (caused by transforms patch) - Mailing list pgsql-hackers

From Michael Paquier
Subject Potential pointer dereference in plperl.c (caused by transforms patch)
Msg-id CAB7nPqRBCWAXTLw0yBR=BK94cRYXU8TWVxGyYoxautw08OKeXw@mail.gmail.com
Responses Re: Potential pointer dereference in plperl.c (caused by transforms patch)  (Noah Misch <noah@leadboat.com>)
List pgsql-hackers
Hi all,

Coverity is pointing out that as argtypes = NULL in
plperl_call_perl_func@plperl.c, we will have a pointer dereference if
desc->arg_arraytype[i] is not a valid OID, see here:
+       Oid                *argtypes = NULL;
[...]
+       if (fcinfo->flinfo->fn_oid)
+               get_func_signature(fcinfo->flinfo->fn_oid, &argtypes, &nargs);
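Review bot: the condition `if (fcinfo->flinfo->fn_oid)` tests the Oid as a bare truth value; OidIsValid(fcinfo->flinfo->fn_oid) would match the OidIsValid() test applied to desc->arg_arraytype[i] further down and make the intent explicit. A short comment stating that argtypes stays NULL when this condition is false would also help, since later code indexes it.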
[...]
                        if (OidIsValid(desc->arg_arraytype[i]))
                                sv =
plperl_ref_from_pg_array(fcinfo->arg[i], desc->arg_arraytype[i]);
+                       else if ((funcid =
get_transform_fromsql(argtypes[i],
current_call_data->prodesc->lang_oid,
current_call_data->prodesc->trftypes)))
+                               sv = (SV *)
DatumGetPointer(OidFunctionCall1(funcid, fcinfo->arg[i]));
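Review bot: the `else if` branch reads argtypes[i] unconditionally, but argtypes is initialised to NULL and only filled in by get_func_signature() when fcinfo->flinfo->fn_oid is nonzero, so with an invalid fn_oid any argument that fails the OidIsValid(desc->arg_arraytype[i]) test dereferences NULL. Suggest testing the pointer before the lookup, for example `else if (argtypes && (funcid = get_transform_fromsql(argtypes[i], ...)))`, so the transform lookup is skipped when no signature was fetched. The visible lines also do not show i being checked against nargs, so it is worth confirming that the loop bound cannot exceed it.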

AFAIK, fcinfo->flinfo->fn_oid can be InvalidOid in this code path, so
shouldn't we protect the code a bit with something like the patch
attached?

Regards,
--
Michael
