Thread: BUG #14927: Unchecked SearchSysCache1() return value

BUG #14927: Unchecked SearchSysCache1() return value

From
bianpan2016@163.com
Date:
The following bug has been logged on the website:

Bug reference:      14927
Logged by:          Pan Bian
Email address:      bianpan2016@163.com
PostgreSQL version: 10.1
Operating system:   Linux
Description:

File: postgresql-10.1/src/backend/catalog/heap.c
Function: heap_drop_with_catalog
Line: 1771

Function SearchSysCache1() may return a NULL pointer, but in
heap_drop_with_catalog(), its return value is not validated before it is
dereferenced. To avoid NULL dereference, it is better to check the return
value of SearchSysCache1() against NULL.

For your convenience, I paste related codes as follows:

1771     tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
1772     if (((Form_pg_class) GETSTRUCT(tuple))->relispartition)
1773     {
1774         parentOid = get_partition_parent(relid);
1775         LockRelationOid(parentOid, AccessExclusiveLock);
1776     }
1777 
1778     ReleaseSysCache(tuple);


Thank you!

Pan Bian

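The report above describes the contract the code relies on: SearchSysCache1() returns NULL when no catalog row matches, and heap_drop_with_catalog() dereferences the result without a check. The block below is an added example, not PostgreSQL's own code and not the patch from this thread. It models that contract with a toy in-memory "catalog" (constructed data, two relations) so the unchecked pattern from the report can be shown beside the usual backend idiom of testing HeapTupleIsValid() before GETSTRUCT(). The names HeapTuple, HeapTupleIsValid, GETSTRUCT, Form_pg_class, SearchSysCache1 and ReleaseSysCache are reduced stand-ins for the real definitions, and the hardened function reports a failed lookup through its return value where the backend would raise an error.

```c
/* Added example, not PostgreSQL code: a toy model of the SearchSysCache1()
 * contract, showing the unchecked dereference from the report beside the
 * check-before-dereference idiom. All PostgreSQL-looking names here are
 * stand-ins, not the real backend definitions. */
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

typedef unsigned int Oid;

/* Stand-in for a pg_class row: only the field the reported code reads. */
typedef struct FormData_pg_class {
    Oid  oid;
    bool relispartition;
} FormData_pg_class;
typedef FormData_pg_class *Form_pg_class;

/* Stand-in for HeapTuple: in the toy the tuple simply points at the row. */
typedef struct HeapTupleData { void *t_data; } HeapTupleData;
typedef HeapTupleData *HeapTuple;
#define HeapTupleIsValid(tuple) ((tuple) != NULL)
#define GETSTRUCT(tuple) ((tuple)->t_data)

/* Constructed catalog contents: an ordinary table and one partition. */
static FormData_pg_class catalog[] = {
    { 16384, false },   /* ordinary table */
    { 16390, true  },   /* partition of some parent */
};
static HeapTupleData tuples[2];

/* Toy SearchSysCache1(RELOID, oid): returns NULL when no row matches, which
 * is the case the report says heap_drop_with_catalog() does not handle. */
static HeapTuple SearchSysCache1(Oid relid)
{
    for (size_t i = 0; i < sizeof(catalog) / sizeof(catalog[0]); i++) {
        if (catalog[i].oid == relid) {
            tuples[i].t_data = &catalog[i];
            return &tuples[i];
        }
    }
    return NULL;
}

static void ReleaseSysCache(HeapTuple tuple) { (void) tuple; }

/* The pattern from the report: the tuple is dereferenced with no validity
 * check, so an OID missing from the cache dereferences NULL. Kept only to
 * show the defect; call it only with OIDs that exist in the toy catalog. */
bool unchecked_relispartition(Oid relid)
{
    HeapTuple tuple = SearchSysCache1(relid);
    bool result = ((Form_pg_class) GETSTRUCT(tuple))->relispartition;
    ReleaseSysCache(tuple);
    return result;
}

/* Hardened form: test HeapTupleIsValid() before GETSTRUCT(). The real
 * backend would raise an error ("cache lookup failed for relation ...");
 * this toy reports the failure through the return value so it can be
 * exercised without a backend. Returns 1 if the relation is a partition,
 * 0 if it is not, and -1 if the cache lookup failed. */
int checked_relispartition(Oid relid)
{
    HeapTuple tuple = SearchSysCache1(relid);
    bool result;

    if (!HeapTupleIsValid(tuple)) {
        fprintf(stderr, "cache lookup failed for relation %u\n", relid);
        return -1;
    }
    result = ((Form_pg_class) GETSTRUCT(tuple))->relispartition;
    ReleaseSysCache(tuple);
    return result ? 1 : 0;
}

int main(void)
{
    printf("16384 partition? %d\n", checked_relispartition(16384));
    printf("16390 partition? %d\n", checked_relispartition(16390));
    printf("99999 partition? %d\n", checked_relispartition(99999)); /* -1, no crash */
    return 0;
}
```

The point of the split into two functions is that the only difference is the HeapTupleIsValid() test: with it, a relation OID that has disappeared from the catalog produces a reportable error instead of a NULL dereference in the backend process.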


Re: BUG #14927: Unchecked SearchSysCache1() return value

From
Amit Langote
Date:
On 2017/11/27 18:01, bianpan2016@163.com wrote:
> The following bug has been logged on the website:
> 
> Bug reference:      14927
> Logged by:          Pan Bian
> Email address:      bianpan2016@163.com
> PostgreSQL version: 10.1
> Operating system:   Linux
> Description:        
> 
> File: postgresql-10.1/src/backend/catalog/heap.c
> Function: heap_drop_with_catalog
> Line: 1771
> 
> Function SearchSysCache1() may return a NULL pointer, but in
> heap_drop_with_catalog(), its return value is not validated before it is
> dereferenced. To avoid NULL dereference, it is better to check the return
> value of SearchSysCache1() against NULL.
> 
> For your convenience, I paste related codes as follows:
> 
> 1771     tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
> 1772     if (((Form_pg_class) GETSTRUCT(tuple))->relispartition)
> 1773     {
> 1774         parentOid = get_partition_parent(relid);
> 1775         LockRelationOid(parentOid, AccessExclusiveLock);
> 1776     }
> 1777 
> 1778     ReleaseSysCache(tuple);

Thanks for the report.  Attached a patch that adds a check that tuple is
valid before trying to dereference it.

Thanks,
Amit


Re: BUG #14927: Unchecked SearchSysCache1() return value

From
PanBian
Date:
On Mon, Nov 27, 2017 at 07:20:51PM +0900, Amit Langote wrote:
> On 2017/11/27 18:01, bianpan2016@163.com wrote:
> > The following bug has been logged on the website:
> > 
> > Bug reference:      14927
> > Logged by:          Pan Bian
> > Email address:      bianpan2016@163.com
> > PostgreSQL version: 10.1
> > Operating system:   Linux
> > Description:        
> > 
> 
> Thanks for the report.  Attached a patch that adds a check that tuple is
> valid before trying to dereference it.
> 
> Thanks,
> Amit

Got it. These patches fix the bug.

Thanks,
Pan Bian