Thread: Re: [HACKERS] REL9_6_STABLE - a minor bug in src/common/exec.c
After checking some code from REL9_6_STABLE with a static analyzer, I've found this bit:

src/common/exec.c:586 putenv(strdup(env_path));
...
src/common/exec.c:597 putenv(strdup(env_path));

Theoretically, strdup might return NULL, and we'll send NULL as an argument to putenv(), which in turn will try to call strdup(NULL) and it will result in a segfault. So this seems like a bug, although maybe it would act out very rarely.

I've noticed that it's fixed in REL10_STABLE, there we do this instead:

src/common/exec.c:556 char *dup_path;
...
src/common/exec.c:587 dup_path = strdup(env_path);
src/common/exec.c:588 if (dup_path)
src/common/exec.c:589 putenv(dup_path);
...
src/common/exec.c:600 dup_path = strdup(env_path);
src/common/exec.c:601 if (dup_path)
src/common/exec.c:602 putenv(dup_path);

Would it be possible to fix it the same way in REL9_6_STABLE and maybe other older versions too?

--
Anna Akenteva
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company

On Thu, Jan 18, 2018 at 03:27:43PM +0300, Anna Akenteva wrote:
> Would it be possible to fix it the same way in REL9_6_STABLE and maybe other
> older versions too?

Yes, this was part of an investigation that led to 052cc223 to improve OOM handling, which involved way more code paths than just this one. As such issues are unlikely to happen, I think that we are fine with no back-patch.

--
Michael
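
The checked pattern quoted from REL10_STABLE in the thread above, written out as an added C example that is not part of the thread or of PostgreSQL's source. The helper name putenv_checked, the dup_fn hook used to simulate an allocation failure, and the variable GR_EXAMPLE_ENV_PATH are assumptions made for the illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for strdup() and putenv() declarations */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook: lets the caller swap in a failing duplicator
 * so the out-of-memory path can be exercised deterministically. */
typedef char *(*dup_fn)(const char *);

static char *real_dup(const char *s)    { return strdup(s); }
static char *failing_dup(const char *s) { (void) s; return NULL; }

/*
 * Add "NAME=value" to the environment without ever handing NULL to putenv().
 * Returns 0 on success, -1 if the copy could not be allocated or putenv()
 * itself reported an error.
 */
static int putenv_checked(const char *env_entry, dup_fn dup)
{
    char *dup_path = dup(env_entry);

    if (dup_path == NULL)
        return -1;              /* allocation failed: environment untouched */

    if (putenv(dup_path) != 0)
    {
        free(dup_path);         /* putenv() did not take the string */
        return -1;
    }

    /* On success the environment points at dup_path, so it must not be
     * freed here; it stays allocated for as long as the entry is in use. */
    return 0;
}

int main(void)
{
    /* Constructed sample entry, not a real PostgreSQL setting. */
    const char *entry = "GR_EXAMPLE_ENV_PATH=/constructed/share/path";

    printf("simulated OOM: %d\n", putenv_checked(entry, failing_dup));
    printf("normal path:   %d\n", putenv_checked(entry, real_dup));
    printf("value:         %s\n", getenv("GR_EXAMPLE_ENV_PATH"));
    return 0;
}
```

Unlike the quoted `if (dup_path) putenv(dup_path);` form, this helper reports the failure to the caller, which is a choice made for the example and not something the thread specifies.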