Hi all,
(Petr in CC)

Coverity is complaining about the following pointer dereference in
tablesample_init@tablesample.c:
+               ExprState  *argstate = ExecInitExpr(argexpr, (PlanState *)
scanstate);
+
+               if (argstate == NULL)
+               {
+                       fcinfo.argnull[i] = true;
+                       fcinfo.arg[i] = (Datum) 0;;
+               }
+
+               fcinfo.arg[i] = ExecEvalExpr(argstate, econtext,
+
 &fcinfo.argnull[i], NULL);

If the expression argstate is NULL when calling ExecInitExpr(), argstate is
going to be NULL and dereferenced afterwards, see execQual.c for more
details. Hence I think that the patch attached should be applied. Thoughts?

At the same time I noted a double semicolon, fixed as well in the attached.
Regards,
-- 
Michael
diff --git a/src/backend/access/tablesample/tablesample.c b/src/backend/access/tablesample/tablesample.c
index 44a2434..9d443b1 100644
--- a/src/backend/access/tablesample/tablesample.c
+++ b/src/backend/access/tablesample/tablesample.c
@@ -113,11 +113,13 @@ tablesample_init(SampleScanState *scanstate, TableSampleClause *tablesample)
 		if (argstate == NULL)
 		{
 			fcinfo.argnull[i] = true;
-			fcinfo.arg[i] = (Datum) 0;;
+			fcinfo.arg[i] = (Datum) 0;
+		}
+		else
+		{
+			fcinfo.arg[i] = ExecEvalExpr(argstate, econtext,
+										 &fcinfo.argnull[i], NULL);
 		}
-
-		fcinfo.arg[i] = ExecEvalExpr(argstate, econtext,
-									 &fcinfo.argnull[i], NULL);
 		i++;
 	}
 	Assert(i == fcinfo.nargs);
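Review bot: the `if (argstate == NULL)` test at the top of this hunk has no comment saying when ExecInitExpr() can return NULL, so the new if/else reads as defensive code with no stated reason. A one-line comment above the test would record why ExecEvalExpr() must be skipped in that case, for example that a NULL state is passed on through fcinfo as a NULL argument. The `i++` and `Assert(i == fcinfo.nargs)` stay outside both branches, so the argument count is unaffected by the restructuring.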