Hi all,

I found a case of a potential NULL pointer dereference. In snowball/libstemmer/api.c, if we transfer control to the error label of the SN_create_env() function when there is a memory allocation error for z->p or z->S, we can then dereference the NULL pointer z->S in the function SN_close_env(). Added a pointer check to avoid a potential problem.

---
Best regards,
Korotkov Maksim
PostgresPro
m.korot...@postgrespro.ru
From c4596f6e23c4f5e9ae8294d51783afb733eccc9d Mon Sep 17 00:00:00 2001 From: Maksim Korotkov <m.korot...@postgrespro.ru> Date: Tue, 24 Dec 2024 17:07:12 +0300 Subject: [PATCH] snowball: fix potential NULL dereference
If we transfer control to the SN_create_env() function by using the error label when there is a memory allocation error of z->p or z->S, we can then dereference the NULL pointer z->S in the function SN_close_env(). Added the pointer check for avoiding potential problem. Fixes: 140d4ebcb4 ("Tsearch2 functionality migrates to core. The bulk of this work is by Oleg Bartunov and Teodor Sigaev, but I did a lot of editorializing, so anything that's broken is probably my fault.") Found by Postgres Pro with Svace static analyzer Signed-off-by: Maksim Korotkov <m.korot...@postgrespro.ru> --- src/backend/snowball/libstemmer/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/snowball/libstemmer/api.c b/src/backend/snowball/libstemmer/api.c index 375938e6d1..3a7169abd8 100644 --- a/src/backend/snowball/libstemmer/api.c +++ b/src/backend/snowball/libstemmer/api.c @@ -34,7 +34,7 @@ error: extern void SN_close_env(struct SN_env * z, int S_size) { if (z == NULL) return; - if (S_size) + if (S_size && z->S) { int i; for (i = 0; i < S_size; i++) -- 2.34.1
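Review bot: the guard `if (S_size && z->S)` is the right minimal fix for the error path, but the 7-line hunk stops at the loop header, so it does not show whether the release of z->S that presumably follows the loop, or anything else that touches z->S, sits inside the guarded block; please widen the context or confirm, since a use of z->S after the loop would still crash on the same path. The check also only helps if z->S is NULL rather than indeterminate when the z->p allocation fails first, i.e. if the env is zero-initialised in SN_create_env; that assumption deserves one sentence in the commit message so SN_close_env can be reviewed on its own. Minor: the `Fixes:` and `Signed-off-by:` trailers follow Linux kernel convention and are not used for PostgreSQL commits; the Svace attribution in the body is enough.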
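As an added illustration, not libstemmer's or PostgreSQL's code and not part of the patch above, the following C program models the allocation and cleanup shape the mail describes: a create_env() that jumps to a single error label on any allocation failure, and a close_env() that carries the `S_size && z->S` guard so a partially built env can be torn down. The names mini_env, xmalloc, fail_step, run_with_failure_at and allocations_needed are assumptions made for this example, and the allocation-failure injection is constructed so the "z->p failed, z->S still NULL" path can be exercised offline.

```c
#include <stdlib.h>

/* Hypothetical miniature of libstemmer's SN_env (names mirror the patch,
 * the code is an added illustration): one scratch buffer p, S_size string
 * slots in S, and an int array I. */
struct mini_env {
    char  *p;
    char **S;
    int   *I;
};

/* Constructed failure injection: when fail_step > 0, the fail_step-th
 * allocation returns NULL. All successful allocations are zeroed, which is
 * what makes a NULL check on z->S meaningful at all. */
static int alloc_counter = 0;
static int fail_step = 0;

static void *xmalloc(size_t n)
{
    alloc_counter++;
    if (fail_step && alloc_counter == fail_step)
        return NULL;
    return calloc(1, n);
}

/* Cleanup that tolerates partial initialisation. Without "&& z->S" the
 * loop would read z->S[i] through a NULL z->S whenever create_env() failed
 * before the S array was allocated. */
static void close_env(struct mini_env *z, int S_size)
{
    if (z == NULL)
        return;
    if (S_size && z->S) {
        for (int i = 0; i < S_size; i++)
            free(z->S[i]);      /* slots never reached are NULL; free(NULL) is a no-op */
        free(z->S);
    }
    free(z->I);
    free(z->p);
    free(z);
}

/* Allocator with the same shape as SN_create_env(): every failure jumps to
 * one error label that hands the partially built env to close_env(). */
static struct mini_env *create_env(int S_size, int I_size)
{
    struct mini_env *z = xmalloc(sizeof *z);   /* zeroed: p, S, I start NULL */
    if (z == NULL)
        return NULL;
    z->p = xmalloc(16);
    if (z->p == NULL)
        goto error;                             /* z->S is still NULL here */
    if (S_size) {
        z->S = xmalloc((size_t)S_size * sizeof *z->S);
        if (z->S == NULL)
            goto error;
        for (int i = 0; i < S_size; i++) {
            z->S[i] = xmalloc(16);
            if (z->S[i] == NULL)
                goto error;                     /* later slots are still NULL */
        }
    }
    if (I_size) {
        z->I = xmalloc((size_t)I_size * sizeof *z->I);
        if (z->I == NULL)
            goto error;
    }
    return z;
error:
    close_env(z, S_size);
    return NULL;
}

/* Build an env with the n-th allocation failing (n == 0: nothing fails).
 * Returns 1 when creation failed and the error-path cleanup completed,
 * 2 when creation succeeded and the env was closed normally. */
int run_with_failure_at(int n, int S_size, int I_size)
{
    alloc_counter = 0;
    fail_step = n;
    struct mini_env *z = create_env(S_size, I_size);
    fail_step = 0;
    if (z == NULL)
        return 1;
    close_env(z, S_size);
    return 2;
}

/* Number of allocations a successful create_env(S_size, I_size) performs:
 * env + p + S array + S_size slots + I array (when I_size > 0). */
int allocations_needed(int S_size, int I_size)
{
    alloc_counter = 0;
    fail_step = 0;
    struct mini_env *z = create_env(S_size, I_size);
    close_env(z, S_size);
    return alloc_counter;
}
```

run_with_failure_at(2, 3, 2) is the case from the mail: the second allocation (z->p) fails while S_size is 3, so close_env() is entered with a NULL z->S; with the guard it returns cleanly, without it the loop dereferences NULL on its first iteration.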