Hello everyone,
In src/backend/commands/trigger.c:4031, there is an afterTriggerAddEvent() function.
The variable chunk is assigned the value of events->tail at line 4050.
Subsequently, chunk is compared to NULL at lines 4051 and 4079, indicating that
events->tail could potentially be NULL.
However, at line 4102, we dereference events->tail by accessing
events->tail->next without first checking if it is NULL.
To address this issue, I propose at least adding an assertion to ensure that
events->tail != NULL before the dereference. The suggested patch is included in
the attachment.
--
Best regards,
Alexander Kuznetsov
From acabe34b714a9c311bfb85e5be94e6fe906fa9f1 Mon Sep 17 00:00:00 2001
From: Alexander Kuznetsov <kuznetso...@altlinux.org>
Date: Thu, 25 Jul 2024 16:24:18 +0300
Subject: [PATCH] Add assertion of an empty list in afterTriggerAddEvent()
It is possible for events->tail to still be NULL at this point,
so assert it's not NULL before dereferencing.
This was found by ALT Linux Team with Svace.
---
src/backend/commands/trigger.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/backend/commands/trigger.c b/src/backend/commands/trigger.c
index 170360edda..a0946025a5 100644
--- a/src/backend/commands/trigger.c
+++ b/src/backend/commands/trigger.c
@@ -4099,7 +4099,10 @@ afterTriggerAddEvent(AfterTriggerEventList *events,
if (events->head == NULL)
events->head = chunk;
else
+ {
+ Assert(events->tail != NULL);
events->tail->next = chunk;
+ }
events->tail = chunk;
/* events->tailfree is now out of sync, but we'll fix it below */
}
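Review bot: The Assert(events->tail != NULL) added in the else branch is compiled out of builds without assertions enabled, so if the commit message is right that events->tail can still be NULL at this point, production builds will still dereference it at events->tail->next = chunk. If that state is actually reachable, a runtime check that raises an error fits better than an assertion. If it is not reachable (the else branch runs only when events->head != NULL, and the visible lines set head and tail to the same chunk when the list is empty), reword the commit message to say so and add a one-line comment above the Assert stating the invariant that a non-empty list always has a tail. The subject line "Add assertion of an empty list" is also misleading, since what is asserted is that the tail is set in the non-empty case.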
--
2.42.2