pgsql: Make printf("%s", NULL) print "(null)" instead of crashing. - Mailing list pgsql-committers

From Tom Lane
Subject pgsql: Make printf("%s", NULL) print "(null)" instead of crashing.
Date
Msg-id E1m7Lel-0003kL-Qo@gemulon.postgresql.org
List pgsql-committers
Make printf("%s", NULL) print "(null)" instead of crashing.

We previously took a hard-line attitude that callers should never print
a null string pointer, and doing so is worthy of an assertion failure
or crash.  However, we've long since flushed out any easy-to-find bugs
of that nature.  What remains is a lot of code that perhaps could fail
that way in hard-to-reach corner cases.  For example, in something as
simple as
    ereport(ERROR,
            (errcode(ERRCODE_UNDEFINED_OBJECT),
             errmsg("constraint \"%s\" for table \"%s\" does not exist",
                    conname, get_rel_name(relid))));
one must wonder whether it's completely guaranteed that get_rel_name
cannot return NULL in this context.  If such a situation did occur,
the existing policy converts what might be a pretty minor bug into
a server crash condition.  This is not good for robustness.

Hence, let's follow the lead of glibc and print "(null)" instead
of failing.  We should, of course, still consider it a bug if that
behavior is reachable in ordinary use; but crashing seems less
desirable than not crashing.

This fix works across the board in v12 and up, where we always use
src/port/snprintf.c.  Before that, on most platforms we're at the mercy
of the local libc, but it appears that Solaris 10 is the only supported
platform where we'd still get a crash.  Most other platforms such as
*BSD, macOS, and Solaris 11 have adopted glibc's behavior at some
point.  (AIX and HPUX just print "" not "(null)", but that's close
enough.)  I've not checked what Windows' native printf would do, but
it doesn't matter because we've long used snprintf.c on that platform.

In v12 and up, also const-ify related code so that we're not casting
away const on the constant string.  This is just neatnik-ism, since
next to no compilers will warn about that.

Discussion: https://postgr.es/m/17098-b960f3616c861f83@postgresql.org

Branch
------
REL_12_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/4c8a14e8d993e10b9851eb6be225b151bc4e233b

Modified Files
--------------
src/port/snprintf.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
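The commit above describes the policy but the diff itself is not shown here. The following is an added example, not PostgreSQL's src/port/snprintf.c and not Tom Lane's code: a minimal printf-style formatter (supporting only %s, %d and %%) that applies the same rule, substituting the constant string "(null)" for a NULL %s argument instead of dereferencing it, and keeping that constant as `const char *` so nothing casts const away. The names safe_vsnprintf, safe_snprintf and NULL_STR are this example's own; the `relname` variable in main stands in for a get_rel_name() call that happened to return NULL.

```c
/*
 * Added example (not PostgreSQL's snprintf.c): a tiny printf-style
 * formatter that follows the commit's policy of printing "(null)" for a
 * NULL %s argument rather than crashing. Names are this example's own.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* What glibc prints for a NULL %s; kept const so no const is cast away. */
static const char NULL_STR[] = "(null)";

/* Store one character if there is room; always count it (snprintf semantics). */
static void put_char(char *buf, size_t size, size_t *pos, char c)
{
    if (*pos + 1 < size)
        buf[*pos] = c;
    (*pos)++;
}

static void put_str(char *buf, size_t size, size_t *pos, const char *s)
{
    for (; *s; s++)
        put_char(buf, size, pos, *s);
}

/*
 * Like C99 vsnprintf: returns the length the full output would have had
 * (excluding the NUL); buf is NUL-terminated whenever size > 0.
 */
int safe_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    size_t pos = 0;

    for (; *fmt; fmt++)
    {
        if (*fmt != '%')
        {
            put_char(buf, size, &pos, *fmt);
            continue;
        }
        fmt++;
        switch (*fmt)
        {
            case 's':
            {
                const char *s = va_arg(ap, const char *);
                /* The whole point: a NULL pointer prints as "(null)". */
                put_str(buf, size, &pos, s ? s : NULL_STR);
                break;
            }
            case 'd':
            {
                char tmp[sizeof(int) * 3 + 2];   /* room for INT_MIN plus sign */
                snprintf(tmp, sizeof tmp, "%d", va_arg(ap, int));
                put_str(buf, size, &pos, tmp);
                break;
            }
            case '%':
                put_char(buf, size, &pos, '%');
                break;
            case '\0':
                /* Dangling '%' at end of format: emit it literally and stop. */
                put_char(buf, size, &pos, '%');
                goto done;
            default:
                /* Unknown conversion: echo it so the bug is visible, not fatal. */
                put_char(buf, size, &pos, '%');
                put_char(buf, size, &pos, *fmt);
                break;
        }
    }
done:
    if (size > 0)
        buf[pos < size ? pos : size - 1] = '\0';
    return pos > INT_MAX ? INT_MAX : (int) pos;
}

int safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = safe_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char buf[80];
    const char *relname = NULL;   /* stands in for a get_rel_name() that returned NULL */

    safe_snprintf(buf, sizeof buf,
                  "constraint \"%s\" for table \"%s\" does not exist",
                  "my_check", relname);
    puts(buf);   /* the table name comes out as "(null)" instead of a SIGSEGV */
    return 0;
}
```

Two practitioner caveats. First, the commit's point stands even with this fallback in place: a NULL reaching %s is still a bug to fix, the fallback only downgrades it from a crash to a wrong message. Second, the fallback only helps for formatting routines you control; passing NULL for %s to the platform's printf is undefined behavior, and compilers commonly rewrite a call such as `printf("%s\n", s)` into `puts(s)`, which dereferences the pointer regardless of what the libc's %s handling would have done. That is one reason a project that wants this guarantee routes all formatting through its own snprintf, as the commit notes v12 and later already do.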

