On Friday, July 13, 2018 12:09:20 PM CEST 李海龙 wrote:
> Hi, Oleg && pgsql-hackers
>
> Please help me to check this is a bug of ltree?
>
Hi

There is indeed a bug. The _lca function in _ltree_op.c tries to allocate 0 bytes of memory, doesn't initialize it and dereferences it in lca_inner.
The attached basic patch fixes it.

Regards

 Pierre
>From 4e59747cea428d39c80974c408e95ba86bf63ecc Mon Sep 17 00:00:00 2001 From: Pierre Ducroquet <p.p...@pinaraf.info> Date: Fri, 13 Jul 2018 12:47:36 +0200 Subject: [PATCH] Fix segfault with lca('{}'::ltree[]) --- contrib/ltree/_ltree_op.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contrib/ltree/_ltree_op.c b/contrib/ltree/_ltree_op.c index 9bb6bcaeff..6afcd95cd1 100644 --- a/contrib/ltree/_ltree_op.c +++ b/contrib/ltree/_ltree_op.c @@ -297,6 +297,9 @@ _lca(PG_FUNCTION_ARGS) ltree **a, *res; + if (num == 0) + PG_RETURN_NULL(); + if (ARR_NDIM(la) > 1) ereport(ERROR, (errcode(ERRCODE_ARRAY_SUBSCRIPT_ERROR), -- 2.18.0
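Review bot: No regression test accompanies the new `if (num == 0)` early return at the top of `_lca`; the diffstat lists only contrib/ltree/_ltree_op.c with 3 insertions. A case for `lca('{}'::ltree[])`, the input named in the subject line, in the ltree regression tests would pin the NULL result and catch a reintroduction of the crash. The check also carries no comment: one line above it saying that an empty array has no common ancestor, and that returning here avoids the zero-byte allocation later read in lca_inner, would explain why it sits ahead of the `ARR_NDIM(la) > 1` validation.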
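The failure mode described in the reply, a zero-element array reaching a helper that reads its first element, shown as an added C example with the guard in place. This is not code from the mail or from ltree: `path_t`, `shared_labels`, `common_prefix` and the `demo_` functions are hypothetical names, and the sample paths are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a label path; not the ltree structure. */
typedef struct { const char **labels; size_t n; } path_t;

/* Counts the leading labels shared by every path. It seeds from
 * ptrs[0], so it must never be called with count == 0. */
static size_t shared_labels(const path_t **ptrs, size_t count)
{
    size_t len = ptrs[0]->n;
    for (size_t i = 1; i < count && len > 0; i++) {
        size_t j = 0;
        while (j < len && j < ptrs[i]->n &&
               strcmp(ptrs[0]->labels[j], ptrs[i]->labels[j]) == 0)
            j++;
        len = j;
    }
    return len;
}

/* Returns 0 and fills *out, -1 for an empty input (the analogue of
 * returning NULL), -2 on allocation failure. */
int common_prefix(const path_t *items, size_t count, size_t *out)
{
    if (count == 0)          /* guard before the count-sized allocation */
        return -1;
    const path_t **ptrs = malloc(count * sizeof *ptrs);
    if (ptrs == NULL)
        return -2;
    for (size_t i = 0; i < count; i++)
        ptrs[i] = &items[i];
    *out = shared_labels(ptrs, count);
    free(ptrs);
    return 0;
}

/* Constructed sample input. */
static const char *p1[] = {"Top", "Science", "Astronomy"};
static const char *p2[] = {"Top", "Science", "Physics", "Optics"};
static const path_t sample[] = {{p1, 3}, {p2, 4}};

int demo_empty(void) { size_t n = 99; return common_prefix(sample, 0, &n); }
size_t demo_shared(void) { size_t n = 0; common_prefix(sample, 2, &n); return n; }
```

Without the `count == 0` check, `malloc(0)` may return a non-NULL pointer to zero usable bytes, and `shared_labels` would then read `ptrs[0]` from memory that was never written.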