Thread: Re: [HACKERS] REL9_6_STABLE - a minor bug in src/common/exec.c

Re: [HACKERS] REL9_6_STABLE - a minor bug in src/common/exec.c

From: Anna Akenteva
After checking some code from REL9_6_STABLE with a static analyzer, I've 
found this bit:

src/common/exec.c:586        putenv(strdup(env_path));
...
src/common/exec.c:597        putenv(strdup(env_path));

Theoretically, strdup might return NULL, and we'll send NULL as an
argument to putenv(), which in turn will try to call strdup(NULL), and
it will result in a segfault.
So this seems like a bug, although maybe it would act out very rarely.
I've noticed that it's fixed in REL10_STABLE, there we do this instead:

src/common/exec.c:556        char       *dup_path;
...
src/common/exec.c:587        dup_path = strdup(env_path);
src/common/exec.c:588        if (dup_path)
src/common/exec.c:589            putenv(dup_path);
...
src/common/exec.c:600        dup_path = strdup(env_path);
src/common/exec.c:601        if (dup_path)
src/common/exec.c:602            putenv(dup_path);

Would it be possible to fix it the same way in REL9_6_STABLE and maybe 
other older versions too?

-- 
Anna Akenteva
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
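
The checked pattern discussed in this message, as an added example that is not code from the PostgreSQL tree or from either poster. The helper `set_env_checked`, the `dup_fn` hook, `failing_dup`, the 1024-byte buffer and the variable names are assumptions made for illustration; unlike the REL10_STABLE lines quoted above, which skip putenv() silently, this version reports the failure to its caller.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* declares strdup() and putenv() under strict -std */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook: lets a caller swap in an allocator that fails. */
typedef char *(*dup_fn)(const char *);

/* Constructed stand-in for strdup() returning NULL under memory pressure. */
static char *failing_dup(const char *s) { (void) s; return NULL; }

/*
 * Put NAME=value into the environment without ever passing NULL to putenv().
 * Returns 0 on success, -1 if the string does not fit, the copy cannot be
 * allocated, or putenv() itself fails. putenv() keeps the pointer it is
 * given, so the copy is freed only when putenv() rejects it.
 */
static int set_env_checked(const char *name, const char *value, dup_fn dup)
{
    char  buf[1024];
    char *copy;
    int   n = snprintf(buf, sizeof(buf), "%s=%s", name, value);

    if (n < 0 || (size_t) n >= sizeof(buf))
        return -1;          /* refuse to export a truncated value */
    copy = dup(buf);
    if (copy == NULL)
        return -1;          /* the result the 9.6 lines hand straight to putenv() */
    if (putenv(copy) != 0)
    {
        free(copy);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed variable names and values, for illustration only. */
    int ok = set_env_checked("EXAMPLE_PATH_A", "/constructed/etc", strdup);
    int oom = set_env_checked("EXAMPLE_PATH_B", "/constructed/locale", failing_dup);

    printf("normal: %d, value=%s\n", ok, getenv("EXAMPLE_PATH_A"));
    printf("simulated OOM: %d, variable set=%s\n", oom,
           getenv("EXAMPLE_PATH_B") ? "yes" : "no");
    return (ok == 0 && oom == -1) ? 0 : 1;
}
```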


Re: [HACKERS] REL9_6_STABLE - a minor bug in src/common/exec.c

From: Michael Paquier
On Thu, Jan 18, 2018 at 03:27:43PM +0300, Anna Akenteva wrote:
> Would it be possible to fix it the same way in REL9_6_STABLE and maybe other
> older versions too?

Yes, this was part of an investigation that led to 052cc223 to improve
OOM handling, which involved way more code paths than just this one. As
such issues are unlikely to happen, I think that we are fine with
no back-patch.
--
Michael