Quick Links

Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var()

From:	Piotr Stefaniak <postgres(at)piotr-stefaniak(dot)me>
To:	pgsql-hackers(at)postgresql(dot)org
Subject:	Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var()
Date:	2015-08-01 19:28:12
Message-ID:	BLU436-SMTP188F5D8FF21E1CB990D441DF2890@phx.gbl
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Hello,

these two queries will make the assertions below fail:
SELECT STDDEV(0.0);
SELECT 0.0 * 0;

diff --git a/src/backend/utils/adt/numeric.c
b/src/backend/utils/adt/numeric.c
index 7ce41b7..6e642d8 100644
--- a/src/backend/utils/adt/numeric.c
+++ b/src/backend/utils/adt/numeric.c
@@ -4769,6 +4769,7 @@ set_var_from_var(NumericVar *value, NumericVar *dest)

newbuf = digitbuf_alloc(value->ndigits + 1);
newbuf[0] = 0; /* spare digit for
rounding */
+ Assert(value->digits != NULL);
memcpy(newbuf + 1, value->digits, value->ndigits *
sizeof(NumericDigit));

digitbuf_free(dest->buf);
@@ -5090,6 +5091,7 @@ make_result(NumericVar *var)
result->choice.n_long.n_weight = weight;
}

+ Assert(digits != NULL);
memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit));
Assert(NUMERIC_NDIGITS(result) == n);

Responses

Re: Null pointer passed as source to memcpy() in numeric.c:make_result() and numeric:set_var_from_var() at 2015-08-02 19:49:21 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Geoghegan	2015-08-01 20:24:46	Re: Cleaning up missing ERRCODE assignments
Previous Message	Heikki Linnakangas	2015-08-01 19:01:28	Re: pg_rewind failure by file deletion in source server