On Wed, Sep 2, 2020 at 2:41 PM Ranier Vilela <ranier.vf@gmail.com> wrote:
> Maybe, better make sure, because:
> 3. Line 2285 (nbtutils.c):
> ItemPointerCopy(BTreeTupleGetMaxHeapTID(lastleft), pivotheaptid);
> 4. Line 2316 (nbtutils.c) :
> ItemPointerCopy(BTreeTupleGetHeapTID(firstright), pivotheaptid);
>
> Can dereference NULL pointer (pivotheaptid) at runtime (release version).
The entire codepath in question exists to set a new pivot tuple's heap
TID, in the case where we have to include a heap TID in a new leaf
page high key. This is a tuple in palloc()'d memory that we ourselves
just created.
We know that BTreeTupleGetHeapTID() will return a valid heap TID
pointer (a pointer into the end of the new pivot tuple buffer) because
we just marked the pivot tuple as having space for one ourselves -- we
still completely own the tuple. While it's true that in general
BTreeTupleGetHeapTID() can return a NULL pointer, it does not matter
here. Even if BTreeTupleGetHeapTID() did somehow return a NULL
pointer, then the user would be getting off lightly by experiencing a
hard crash instead of data corruption.
You should spend more time (as in more than zero time) trying to
understand the intent of the code that you write these reports about.
--
Peter Geoghegan
