plperl: Fix NULL pointer dereference for forged array object In get_perl_array_ref(), for a PostgreSQL::InServer::ARRAY object, we look up its "array" key with hv_fetch_string() and then inspect the returned SV. However, hv_fetch_string() returns a NULL pointer when the key is absent, and the code dereferenced that result without first checking whether the pointer itself was NULL. As a result, a plperl function returning a forged PostgreSQL::InServer::ARRAY object that lacks the "array" key would crash the backend with a segmentation fault.
Fix this by checking the pointer returned by hv_fetch_string() before dereferencing it, matching how other callers in this file already guard the result. With the check in place, such an object falls through to the existing error report instead of crashing. Author: Xing Guo <[email protected]> Reviewed-by: Richard Guo <[email protected]> Discussion: https://postgr.es/m/cacpmh+dygcnqzwqlxxuxqcehjtd7t8umkwslsk4mfbep9g2...@mail.gmail.com Backpatch-through: 14 Branch ------ REL_17_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/d424d06ed2d6c6f0f11c515248a9b22e8d1a794a Modified Files -------------- src/pl/plperl/expected/plperl_array.out | 7 +++++++ src/pl/plperl/plperl.c | 2 +- src/pl/plperl/sql/plperl_array.sql | 7 +++++++ 3 files changed, 15 insertions(+), 1 deletion(-)
