Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529

This is email chain for pgAdmin hackers (and - not PostgreSQL hackers).
Please share your patch at pgsql-hackers(at)postgresql(dot)org .

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com>

*http://www.linkedin.com/in/asheshvashi*
<http://www.linkedin.com/in/asheshvashi>

On Mon, Apr 6, 2026 at 1:40 PM Галкин Сергей <galkin(at)rutoken(dot)ru> wrote:

> Hello, a static analyzer pointed out a possible NULL dereference at the
> end of json_errdetail() (src/common/jsonapi.c):
>
> return lex->errormsg->data;
>
> That seemed plausible to me, since there is a comment just above saying
> that lex->errormsg can be NULL in shlib code. I also checked
> PQExpBufferBroken(), and it does handle NULL, but that call is under
> #ifdef, while the final access to lex->errormsg->data is unconditional.
>
> I may be missing some invariant here, but it seems worth adding an
> explicit NULL check. I prepared a corresponding patch and am attaching it
> below in case you agree that this is a real issue.
>
> diff --git a/src/common/jsonapi.c b/src/common/jsonapi.c
> index 1145d93945f..192040b5443 100644
> --- a/src/common/jsonapi.c
> +++ b/src/common/jsonapi.c
> @@ -2525,6 +2525,9 @@ json_errdetail(JsonParseErrorType error,
> JsonLexContext *lex)
> if (PQExpBufferBroken(lex->errormsg))
> return _("out of memory while constructing error description");
> #endif
> +
> + if (!lex->errormsg)
> + return _("out of memory while constructing error description");
>
> return lex->errormsg->data;
> }
>
> Best regards, Galkin Sergey
>
>