git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Avoid reference to nonexistent array element in ExecInitAgg().

Mon, 2 Jan 2023 21:17:00 +0000 (16:17 -0500)

When considering an empty grouping set, we fetched
phasedata->eqfunctions[-1]. Because the eqfunctions array is
palloc'd, that would always be an aset pointer in released versions,
and thus the code accidentally failed to malfunction (since it would
do nothing unless it found a null pointer). Nonetheless this seems
like trouble waiting to happen, so add a check for length == 0.

It's depressing that our valgrind testing did not catch this.
Maybe we should reconsider the choice to not mark that word NOACCESS?

Richard Guo

Discussion: https://postgr.es/m/CAMbWs4-vZuuPOZsKOYnSAaPYGKhmacxhki+vpOKk0O7rymccXQ@mail.gmail.com

src/backend/executor/nodeAgg.c patch | blob | blame | history

diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c

index 9789e67ec57f9761f1946d50b8914be48a53b9c7..dfbac968390972e305f40a8807a84e9411f18c00 100644 (file)

--- a/src/backend/executor/nodeAgg.c

+++ b/src/backend/executor/nodeAgg.c

@@ -3494,6 +3494,11 @@ ExecInitAgg(Agg *node, EState *estate, int eflags)

{

int length = phasedata->gset_lengths[k];

+ /* nothing to do for empty grouping set */

+ if (length == 0)

+ continue;

+ /* if we already had one of this length, it'll do */

if (phasedata->eqfunctions[length - 1] != NULL)

continue;

This is the main PostgreSQL git repository.

RSS Atom