| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Andreas Karlsson <andreas(at)proxel(dot)se>, Галкин Сергей <galkin(at)rutoken(dot)ru>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529 |
| Date: | 2026-04-06 21:18:59 |
| Message-ID: | CAOYmi+mneT-m52GhWdA=XqH5SE6f5jJbAmjwL+wp+xk4j9VVpg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Apr 6, 2026 at 11:46 AM Andres Freund <andres(at)anarazel(dot)de> wrote:
> I guess getting rid of the stringinfo/pqexpbuffer split is not that easy, but
> at least the common memory allocation stuff seems like it should be doable to
> put through through the same wrappers for both FE/BE, handling whether we want
> to error out or not by passing MCXT_ALLOC_NO_OOM or not.
We can spell the abstraction layer differently, but how does that help
us hide the complexity of the OOM behavior? IMO the difference in
returning NULLs is the entire reason this code is difficult; the
abstraction layer must necessarily leak [1].
> How is the only sane answer here not to avoid ever freeing NULLs?
Maybe I didn't parse this question correctly, but I don't want to
avoid freeing NULLs. It's entirely reasonable and normal to write code
that frees NULLs.
I understand from the server perspective that's not currently how it
works, but I'm working on all of this from the client side: the unit
tests run FRONTEND code rather than BACKEND, so I tripped over this
hazard over and over again, and I filled it in so that hopefully no
one else would have to.
> Particularly because this code started out as backend code. Yea, yea, we
> probably didn't have NULLs due to erroring out on allocation failure, but
> still.
>
> Kinda seems like the fe_memutils.c pfree() should assert that the argument is
> not null.
Maybe... but if we want to change this, I hope that we'll instead
consider not naming a function "pfree" when sometimes it is actually
"free"? Or else make pfree() behave like free() [2] so that we don't
have to have that particular papercut at all anymore?
It still doesn't help the OOM abstraction leak between libpq and the
backend, as far as I can tell.
> FWIW, it can be silenced by marking makeStringInfoExt() with
> __attribute__((returns_nonnull)). Whether that's worth doing is a different
> question.
I wouldn't mind doing that too, necessarily, if it's still helpful
(after fixing the core issue).
Thanks!
--Jacob
[1] https://postgr.es/m/CAOYmi%2BmyshCL_yaWQiu54Kj5in93D5nPyw7yXj2jZnDKi73SHQ%40mail.gmail.com
[2] https://postgr.es/m/1074830.1655442689%40sss.pgh.pa.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2026-04-06 21:19:51 | Re: Enable -Wstrict-prototypes and -Wold-style-definition by default |
| Previous Message | Andres Freund | 2026-04-06 21:11:30 | Re: Adding REPACK [concurrently] |