Re: [PATCH] avoid buffer underflow in errfinish() - Mailing list pgsql-hackers

A side question: at src/backend/storage/lmgr/proc.c:1150, is there a
null pointer deference for `autovac'?

There is a null pointer check `autovac != NULL', but the pointer is
already dereferenced earlier when initializing `autovac_pgxact'.  Is
this null pointer check redundant, or should we move the dereference
`autovac->pgprocno' after the check?  Thanks.

On Sat, Mar 23, 2013 at 6:38 PM, Xi Wang <xi.wang@gmail.com> wrote:
> CHECK_STACK_DEPTH checks if errordata_stack_depth is negative.
> Move the dereference of &errordata[errordata_stack_depth] after
> the check to avoid out-of-bounds read.
> ---
>  src/backend/utils/error/elog.c |    4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
> index 3a211bf..47a0a8b 100644
> --- a/src/backend/utils/error/elog.c
> +++ b/src/backend/utils/error/elog.c
> @@ -393,13 +393,15 @@ void
>  errfinish(int dummy,...)
>  {
>         ErrorData  *edata = &errordata[errordata_stack_depth];
> -       int                     elevel = edata->elevel;
> +       int                     elevel;
>         MemoryContext oldcontext;
>         ErrorContextCallback *econtext;
>
>         recursion_depth++;
>         CHECK_STACK_DEPTH();
>
> +       elevel = edata->elevel;
> +
>         /*
>          * Do processing in ErrorContext, which we hope has enough reserved space
>          * to report an error.
> --
> 1.7.10.4
>