On Mon, Apr 6, 2026 at 1:40 PM Галкин Сергей <galkin@rutoken.ru> wrote:
Hello, a static analyzer pointed out a possible NULL dereference at the end of json_errdetail() (src/common/jsonapi.c):
return lex->errormsg->data;
That seemed plausible to me, since there is a comment just above saying that lex->errormsg can be NULL in shlib code. I also checked PQExpBufferBroken(), and it does handle NULL, but that call is under #ifdef, while the final access to lex->errormsg->data is unconditional.
I may be missing some invariant here, but it seems worth adding an explicit NULL check. I prepared a corresponding patch and am attaching it below in case you agree that this is a real issue.
diff --git a/src/common/jsonapi.c b/src/common/jsonapi.c index 1145d93945f..192040b5443 100644 --- a/src/common/jsonapi.c +++ b/src/common/jsonapi.c @@ -2525,6 +2525,9 @@ json_errdetail(JsonParseErrorType error, JsonLexContext *lex) if (PQExpBufferBroken(lex->errormsg)) return _("out of memory while constructing error description"); #endif + + if (!lex->errormsg) + return _("out of memory while constructing error description");
