hstore: Fix NULL pointer dereference with receive function The receive function of hstore was not able to handle correctly duplicate key values when a new duplicate links to a NULL value, where a pfree() could be attempted on a NULL pointer, crashing due to a pointer dereference.
This problem would happen for a COPY BINARY, when stacking values like that: aa => 5 aa => null The second key/value pair is discarded and pfree() calls are attempted on its key and its value, leading to a pointer dereference for the value part as the value is NULL. The first key/value pair takes priority when a duplicate is found. Per offline report. Reported-by: "Anemone" <[email protected]> Reported-by: "A1ex" <[email protected]> Backpatch-through: 14 Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/a6f823e77835a075265bc6accce0a17370ed6db5 Modified Files -------------- contrib/hstore/hstore_io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
