After checking some code from REL9_6_STABLE with a static analyzer, I've found this bit:

src/common/exec.c:586           putenv(strdup(env_path));
...
src/common/exec.c:597           putenv(strdup(env_path));

Theoretically, strdup might return NULL, and we'll send NULL as an argument to putenv(), which in turn will try to call strdup(NULL) and it will result in a segfault.
So this seems like a bug, although maybe it would act out very rarely.
I've noticed that it's fixed in REL10_STABLE, there we do this instead:

src/common/exec.c:556           char       *dup_path;
...
src/common/exec.c:587           dup_path = strdup(env_path);
src/common/exec.c:588           if (dup_path)
src/common/exec.c:589                   putenv(dup_path);
...
src/common/exec.c:600           dup_path = strdup(env_path);
src/common/exec.c:601           if (dup_path)
src/common/exec.c:602                   putenv(dup_path);

Would it be possible to fix it the same way in REL9_6_STABLE and maybe other older versions too?

--
Anna Akenteva
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
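The pattern the REL10 code uses (duplicate first, call putenv only if the duplicate is non-NULL) is shown below as an added example. This is not code from the post or from PostgreSQL's sources; set_env_checked, dup_fn and failing_dup are hypothetical names, and the function-pointer indirection exists only so the allocation-failure path can be exercised without actually exhausting memory.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not PostgreSQL code). putenv() keeps a pointer to
 * the string it is given, so the "NAME=value" text must stay allocated for
 * as long as the entry lives; hence a heap duplicate that is never freed
 * on success. The NULL check is the point of the example: without it a
 * failed strdup() would hand NULL to putenv(). */

/* Indirection so a test can stand in a failing allocator for strdup(). */
static char *(*dup_fn)(const char *) = strdup;

/* Returns 0 on success, -1 if the duplicate could not be allocated or
 * putenv() itself failed. Never passes NULL to putenv(). */
int set_env_checked(const char *env_path)
{
    char *dup_path = dup_fn(env_path);

    if (dup_path == NULL)
        return -1;              /* the unchecked version would crash here */

    if (putenv(dup_path) != 0) {
        free(dup_path);         /* putenv did not take ownership */
        return -1;
    }
    return 0;
}

/* Stand-in for strdup() that always fails, mimicking an ENOMEM condition. */
char *failing_dup(const char *s)
{
    (void) s;
    return NULL;
}

void use_failing_dup(void) { dup_fn = failing_dup; }
void use_real_dup(void)    { dup_fn = strdup; }

int main(void)
{
    /* Constructed sample variable; the name is chosen to avoid clobbering
     * anything real in the caller's environment. */
    if (set_env_checked("PGDEMO_PATH=/tmp/pgdemo") == 0)
        printf("PGDEMO_PATH=%s\n", getenv("PGDEMO_PATH"));

    use_failing_dup();
    printf("with failing strdup, return code: %d\n",
           set_env_checked("PGDEMO_PATH=/tmp/other"));
    use_real_dup();

    /* The earlier value survives the failed attempt. */
    printf("PGDEMO_PATH still %s\n", getenv("PGDEMO_PATH"));
    return 0;
}
```

The injected failure shows the property the fix buys: when the duplicate cannot be made, the function reports an error and the environment is left untouched, rather than the process dereferencing NULL inside putenv().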
