On 11/28/17 13:35, Peter Eisentraut wrote:
> On 11/28/17 11:35, Tom Lane wrote:
>> Peter Eisentraut <pete...@gmx.net> writes:
>>> PL/Python: Fix potential NULL pointer dereference
>>
>> I do not think it's correct to just "return" out of the middle
>> of a PG_TRY block --- doesn't that result in failing to pop the
>> PG_exception_stack and error_context_stack?
> 
> OK, I'll revert and rethink.

How about this instead?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From a665798c57207e35eee9b106b0da3dab4e1964a3 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <pete...@gmx.net>
Date: Tue, 5 Dec 2017 14:14:55 -0500
Subject: [PATCH] PL/Python: Fix potential NULL pointer dereference

After d0aa965c0a0ac2ff7906ae1b1dad50a7952efa56, one error path in
PLy_spi_execute_fetch_result() could result in the variable "result"
being dereferenced after being set to NULL.  Put a conditional around
that to fix that.

Also add another SPI_freetuptable() call so that that is cleared in all
error paths.

discovered by John Naylor <jcnay...@gmail.com> via scan-build
---
 src/pl/plpython/plpy_spi.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/pl/plpython/plpy_spi.c b/src/pl/plpython/plpy_spi.c
index ade27f3924..39d1c92fc4 100644
--- a/src/pl/plpython/plpy_spi.c
+++ b/src/pl/plpython/plpy_spi.c
@@ -361,7 +361,10 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, 
uint64 rows, int status)
 
        result = (PLyResultObject *) PLy_result_new();
        if (!result)
+       {
+               SPI_freetuptable(tuptable);
                return NULL;
+       }
        Py_DECREF(result->status);
        result->status = PyInt_FromLong(status);
 
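Review bot: The new early return in the `if (!result)` branch frees tuptable, but the hunk context does not show whether this point lies before the PG_TRY block opens. Given the objection upthread about returning from inside PG_TRY, it is worth confirming that and stating it in a short comment above `return NULL;`. A note that this function is responsible for freeing tuptable on every exit would also make the added `SPI_freetuptable(tuptable);` self-explanatory.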
@@ -440,9 +443,12 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, 
uint64 rows, int status)
                         * possible, to minimize the number of ways the tupdesc 
could get
                         * leaked due to errors.)
                         */
-                       oldcontext2 = MemoryContextSwitchTo(TopMemoryContext);
-                       result->tupdesc = 
CreateTupleDescCopy(tuptable->tupdesc);
-                       MemoryContextSwitchTo(oldcontext2);
+                       if (result)
+                       {
+                               oldcontext2 = 
MemoryContextSwitchTo(TopMemoryContext);
+                               result->tupdesc = 
CreateTupleDescCopy(tuptable->tupdesc);
+                               MemoryContextSwitchTo(oldcontext2);
+                       }
                }
                PG_CATCH();
                {
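Review bot: The `if (result)` guard around the tupdesc copy carries no comment explaining why result can be NULL at this point. The commit message attributes it to an earlier error path, but nothing in the hunk shows where that assignment happens. Suggest extending the existing comment above the block with a sentence naming that path, and checking that the rest of the PG_TRY section (not visible in this hunk) does not dereference result without the same check.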
-- 
2.15.0
