Re: [PATCH v1] PL/Perl: Fix NULL deref for forged array

From: Richard Guo <guofenglinux(at)gmail(dot)com>
To: Xing Guo <higuoxing(at)gmail(dot)com>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: [PATCH v1] PL/Perl: Fix NULL deref for forged array
Date: 2026-06-23 07:14:40
Message-ID: CAMbWs4_9UFW=BMZ5O19MyeHDMoLjNCPS_8WH21wCDyxY-YpMGw@mail.gmail.com
Lists: pgsql-hackers

On Tue, Jun 23, 2026 at 3:47 PM Xing Guo <higuoxing(at)gmail(dot)com> wrote:
> A PL/Perl function returning a forged PostgreSQL::InServer::ARRAY
> object (e.g., an empty hash blessed as that class) could cause a
> segfault. This occurs because hv_fetch_string returns a NULL pointer
> when the "array" key is missing, and the code previously dereferenced
> it without checking if the pointer itself was NULL.

+1. Good catch. Every other caller of hv_fetch_string checks the
returned pointer. This is the only place missing that safety check.

- Richard
