On Wed, Sep 2, 2020 at 2:41 PM Ranier Vilela <ranier...@gmail.com> wrote:
> Maybe, better make sure, because:
> 3. Line 2285 (nbtutils.c):
> ItemPointerCopy(BTreeTupleGetMaxHeapTID(lastleft), pivotheaptid);
> 4. Line 2316 (nbtutils.c):
> ItemPointerCopy(BTreeTupleGetHeapTID(firstright), pivotheaptid);
>
> Can dereference NULL pointer (pivotheaptid) at runtime (release version).
The entire codepath in question exists to set a new pivot tuple's heap TID, in the case where we have to include a heap TID in a new leaf page high key. This is a tuple in palloc()'d memory that we ourselves just created. We know that BTreeTupleGetHeapTID() will return a valid heap TID pointer (a pointer into the end of the new pivot tuple buffer) because we just marked the pivot tuple as having space for one ourselves -- we still completely own the tuple. While it's true that in general BTreeTupleGetHeapTID() can return a NULL pointer, it does not matter here. Even if BTreeTupleGetHeapTID() did somehow return a NULL pointer, then the user would be getting off lightly by experiencing a hard crash instead of data corruption.

You should spend more time (as in more than zero time) trying to understand the intent of the code that you write these reports about.

--
Peter Geoghegan