Re: BUG #14929: Unchecked AllocateDir() return value in restoreTwoPhaseData()

From: Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, bianpan2016(at)163(dot)com
Cc: PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #14929: Unchecked AllocateDir() return value in restoreTwoPhaseData()
Date: 2017-11-27 11:09:12
Message-ID: 9ac0d6ec-4ef7-4864-b141-985bb84fdc1a@lab.ntt.co.jp
Lists: pgsql-bugs

On 2017/11/27 19:53, Michael Paquier wrote:
> On Mon, Nov 27, 2017 at 6:31 PM, <bianpan2016(at)163(dot)com> wrote:
>> AllocateDir() will return a NULL pointer if it fails to open the specified
>> directory. However, in function restoreTwoPhaseData(), its return value is
>> not checked. This may result in a NULL pointer dereference when trying to
>> free it (see line 1759).
>
> You are missing the fact that ReadDir goes through ReadDirExtended,
> which drops an ERROR log if the folder allocated is NULL.

I noticed that too, but isn't it possible that elevel might be such that we
end up returning to restoreTwoPhaseData() after all and hit the line in it
that will then dereference the NULL cldir? Maybe that never happens
because elevel is never less than ERROR in that code path?

Thanks,
Amit
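The failure mode under discussion, as an added example that is not part of the thread and is not PostgreSQL's code: a minimal model of the AllocateDir()/ReadDir()/FreeDir() pattern built on plain opendir()/readdir()/closedir(). The model_* names and the numeric LOG/ERROR levels are assumptions for illustration. In the real server an ERROR-level report does not return to the caller, which is why the question above only matters for a lower elevel; the model reproduces that branch by simply returning NULL, and shows a caller that stays correct either way by tolerating a NULL handle in the free path and reporting the open failure to its own caller.

```c
/* Added example: a model of the AllocateDir/ReadDir/FreeDir pattern.
 * Not PostgreSQL code; model_* names and level values are assumptions. */
#include <dirent.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed report levels. Anything below MODEL_ERROR returns to the caller,
 * which is the case the thread asks about. */
enum { MODEL_LOG = 15, MODEL_ERROR = 20 };

/* Level of the most recent report, 0 if none, so a caller or test can see
 * what happened without any longjmp-style error machinery. */
static int last_report_level = 0;

/* Like AllocateDir: NULL on failure with errno set. */
static DIR *model_allocate_dir(const char *dirname)
{
    return opendir(dirname);
}

/* Model of ReadDirExtended: a NULL handle is reported at elevel and NULL is
 * returned. The caller must therefore expect to be re-entered with a NULL
 * handle whenever elevel is below MODEL_ERROR. */
static struct dirent *model_read_dir_extended(DIR *dir, const char *dirname,
                                              int elevel)
{
    struct dirent *dent;

    if (dir == NULL) {
        last_report_level = elevel;
        fprintf(stderr, "level %d: could not open directory \"%s\": %s\n",
                elevel, dirname, strerror(errno));
        return NULL;
    }
    errno = 0;
    dent = readdir(dir);
    if (dent == NULL && errno != 0) {
        last_report_level = elevel;
        fprintf(stderr, "level %d: could not read directory \"%s\": %s\n",
                elevel, dirname, strerror(errno));
    }
    return dent;
}

/* Model of a NULL-tolerant FreeDir. closedir(NULL) is undefined behaviour,
 * so a free routine that forwards NULL is exactly the dereference the bug
 * report describes; the check here removes that path. */
static int model_free_dir(DIR *dir)
{
    if (dir == NULL)
        return 0;
    return closedir(dir);
}

/* Model of a scan loop shaped like restoreTwoPhaseData's. Returns the number
 * of entries other than "." and "..", or -1 if the directory could not be
 * opened. The open failure is visible to the caller instead of being lost
 * when elevel is non-fatal. */
int model_scan_dir(const char *dirname, int elevel)
{
    DIR *cldir = model_allocate_dir(dirname);
    struct dirent *clde;
    int count = 0;

    last_report_level = 0;
    while ((clde = model_read_dir_extended(cldir, dirname, elevel)) != NULL) {
        if (strcmp(clde->d_name, ".") == 0 || strcmp(clde->d_name, "..") == 0)
            continue;
        count++;
    }
    model_free_dir(cldir);          /* safe even when cldir is NULL */
    return cldir == NULL ? -1 : count;
}

int model_last_report_level(void)
{
    return last_report_level;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    int n = model_scan_dir(dir, MODEL_LOG);

    if (n < 0)
        printf("%s: open failed, reported at level %d, no crash on free\n",
               dir, model_last_report_level());
    else
        printf("%s: %d entries\n", dir, n);
    return 0;
}
```

Run it with a directory that does not exist to exercise the non-fatal branch: the open failure is reported at MODEL_LOG, the loop body never runs, and the free path is reached with a NULL handle without dereferencing it. The check can live either in the free routine, as here, or as an explicit `if (cldir == NULL)` in the caller before the loop; what matters is that one of the two exists whenever the read routine can return with a NULL handle.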
