Thread: BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference: 18888
Logged by: Daniel Elishakov
Email address: dan-eli@mail.ru
PostgreSQL version: 17.4
Operating system: Ubuntu 20.04
Description:

On 203 and 313 lines It seems that a struct data type should not be used in 'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be executed and it is not a problem. However there are no actual checks for correctness of the provided data type. It is required to add a check against wrong data types supplied by the user.
Re: BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
From
"Euler Taveira"
Date:
On Thu, Apr 10, 2025, at 1:39 PM, PG Bug reporting form wrote:
On 203 and 313 lines It seems that a struct data type should not be used in 'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be executed and it is not a problem. However there are no actual checks for correctness of the provided data type. It is required to add a check against wrong data types supplied by the user.
Which struct data type? struct variable?
Did you read find_variable()? At the end, it has
    if (p == NULL)
        mmfatal(PARSE_ERROR, "variable \"%s\" is not declared", name);
    return p;
mmfatal() is marked as noreturn so it is not possible that find_variable()
returns NULL. Hence, struct variable *v is always a valid pointer.
If you're directly opening bug reports based on a static analyzer output
without a previous analysis, don't do that. These SATs generally report lots of
false positives. Instead, investigate each report and (if possible) create a
reproducible test case demonstrating that it is a real issue.
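
The guarantee described in the reply above, as an added C sketch that is not part of the thread or of the ecpg sources: a lookup that ends in a noreturn error call can only hand a non-NULL pointer back to its caller. The names `fatal`, `lookup_variable`, `type_of`, `symtab` and `fatal_trap` are hypothetical, and the `longjmp` trap is a demo-only hook so the aborting path can be observed in-process.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ecpg's struct variable. */
struct variable { const char *name; int type; };
/* Constructed sample symbol table. */
static struct variable symtab[] = { {"desc_count", 1}, {"desc_value", 2} };
/* Demo-only hook: when set, fatal() unwinds here instead of exiting. */
static jmp_buf *fatal_trap;

/* Stand-in for mmfatal(). _Noreturn promises that control never comes
 * back to the caller; it leaves through exit() or longjmp(). */
static _Noreturn void fatal(const char *name)
{
    fprintf(stderr, "variable \"%s\" is not declared\n", name);
    if (fatal_trap)
        longjmp(*fatal_trap, 1);
    exit(3);
}

/* Same shape as the tail of find_variable() quoted in the reply. */
static struct variable *lookup_variable(const char *name)
{
    struct variable *p = NULL;
    for (size_t i = 0; i < sizeof symtab / sizeof symtab[0]; i++)
        if (strcmp(symtab[i].name, name) == 0)
            p = &symtab[i];
    if (p == NULL)
        fatal(name);
    return p; /* reached only when p != NULL */
}

/* Caller that dereferences the result with no NULL check.
 * Returns -1 if the lookup aborted before the dereference. */
static int type_of(const char *name)
{
    jmp_buf trap;
    if (setjmp(trap) != 0) { fatal_trap = NULL; return -1; }
    fatal_trap = &trap;
    int type = lookup_variable(name)->type;
    fatal_trap = NULL;
    return type;
}

int main(void)
{
    printf("%d %d\n", type_of("desc_value"), type_of("no_such_var"));
    return 0;
}
```

An analyzer that does not see the noreturn marking on the error function treats the fall-through after `fatal(name)` as reachable and reports the dereference in `type_of`.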