Hello everyone,

I'd like to propose adding a check for nullness of TupleTableSlot before dereferencing it in /src/backend/executor/nodeAgg.c.
It is done in the same manner as other TupleTableSlots are checked, but was probably left unseen because the slot1 and slot2 variables can be swapped during function execution. The patch is attached.

--
Best regards,
Alexander Kuznetsov
From f490d485e3dbdfec7c6804bd96ae47b5a60d7c96 Mon Sep 17 00:00:00 2001 From: Alexander Kuznetsov <kuznetso...@altlinux.org> Date: Thu, 3 Oct 2024 10:24:08 +0300 Subject: [PATCH] Check for TupleTableSlot nullness before dereferencing At the beginning of process_ordered_aggregate_multi() slot1 is assumed to not be NULL, while slot2 can be NULL. Later, if (numDistinctCols > 0), slot1 and slot2 are swapped, and slot1 (with possible contents of slot2) is dereferenced by ExecClearTuple(). Add check for nullness before dereferencing. Found by ALT Linux Team with Svace. --- src/backend/executor/nodeAgg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c index 53ead77ece..26e7938a47 100644 --- a/src/backend/executor/nodeAgg.c +++ b/src/backend/executor/nodeAgg.c @@ -1013,7 +1013,8 @@ process_ordered_aggregate_multi(AggState *aggstate, /* Reset context each time */ ResetExprContext(tmpcontext); - ExecClearTuple(slot1); + if (slot1) + ExecClearTuple(slot1); } if (slot2) -- 2.42.2
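Review bot: the new "if (slot1)" guard in front of ExecClearTuple(slot1) has no comment, and the commit message does not say whether slot2 can actually be NULL on the path where the swap happens. The message states that slot1 and slot2 are swapped only when numDistinctCols > 0; if slot2 is NULL only when numDistinctCols is 0, then slot1 can never be NULL at this call and the guard is dead code that silently masks the invariant. Please state, in the commit message or in a comment above the guard, which case leaves slot2 NULL while numDistinctCols > 0. If there is no such case, an assertion that slot1 is not NULL would document the invariant for the static analyzer and for readers better than a conditional skip.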