Thread
-
BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
PG Bug reporting form <noreply@postgresql.org> — 2025-04-10T16:39:34Z
The following bug has been logged on the website: Bug reference: 18888 Logged by: Daniel Elishakov Email address: dan-eli@mail.ru PostgreSQL version: 17.4 Operating system: Ubuntu 20.04 Description: On 203 and 313 lines It seems that a struct data type should not be used in 'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be executed and it is not a problem. However there are no actual checks for corrrectess of the provided data type. It is required to add a check against wrong data types supplied by the user.
-
Re: BUG #18888: /src/interfaces/ecpg/preproc/descriptor.c possible NULL dereference
Euler Taveira <euler@eulerto.com> — 2025-04-10T18:17:17Z
On Thu, Apr 10, 2025, at 1:39 PM, PG Bug reporting form wrote: > On 203 and 313 lines It seems that a struct data type should not be used in > 'EXEC SQL SET DESCRIPTOR' command, so the code in question should never be > executed and it is not a problem. However there are no actual checks for > corrrectess of the provided data type. It is required to add a check against > wrong data types supplied by the user. Which struct data type? struct variable? Did you read find_variable()? At the end, it has if (p == NULL) mmfatal(PARSE_ERROR, "variable \"%s\" is not declared", name); return p; mmfatal() is marked as noreturn so it is not possible that find_variable() returns NULL. Hence, struct variable *v is always a valid pointer. If you're directly opening bug reports based on a static analyzer output without a previous analysis, don't do that. These SATs generally report lots of false positives. Instead, investigate each report and (if possible) create a reproducible test case demonstrating that it is a real issue. -- Euler Taveira EDB https://www.enterprisedb.com/