| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: hstore: Fix NULL pointer dereference with receive function |
| Date: | 2026-02-16 23:42:01 |
| Message-ID: | E1vs8E3-001B81-3A@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
hstore: Fix NULL pointer dereference with receive function
The receive function of hstore was not able to handle correctly
duplicate key values when a new duplicate links to a NULL value, where a
pfree() could be attempted on a NULL pointer, crashing due to a pointer
dereference.
This problem would happen for a COPY BINARY, when stacking values like
that:
aa => 5
aa => null
The second key/value pair is discarded and pfree() calls are attempted
on its key and its value, leading to a pointer dereference for the value
part as the value is NULL. The first key/value pair takes priority when
a duplicate is found.
Per offline report.
Reported-by: "Anemone" <vergissmeinnichtzh(at)gmail(dot)com>
Reported-by: "A1ex" <alex000young(at)gmail(dot)com>
Backpatch-through: 14
Branch
------
REL_17_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/0dfbe42da7f75833e807e281332594e73451894b
Modified Files
--------------
contrib/hstore/hstore_io.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2026-02-17 02:05:59 | pgsql: Suppress new "may be used uninitialized" warning. |
| Previous Message | Nathan Bossart | 2026-02-16 21:13:57 | pgsql: pg_upgrade: Use COPY for LO metadata for upgrades from < v12. |