Hello everyone,

We've found that EndCompressorZstd() doesn't set cs->private_data to NULL
after pg_free(), unlike other EndCompressor implementations.
While this doesn't currently cause issues (as the pointer soon gets
reassigned), we recommend fixing this to maintain consistency with other
implementations and prevent potential future issues.

The patch is attached; we would appreciate your thoughts on this change.

--
Best regards,
Alexander Kuznetsov
From 428c60888f96aa5d0b7575a4342cdce4ff0257ab Mon Sep 17 00:00:00 2001
From: Alexander Kuznetsov <kuznetso...@altlinux.org>
Date: Wed, 16 Apr 2025 11:19:56 +0300
Subject: [PATCH] pg_dump: Fix dangling pointer in EndCompressorZstd()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

cs->private_data becomes dangling after pg_free() call and should be set to NULL
(consistent with other EndCompressor implementations)

Found by Linux Verification Center (linuxtesting.org) with Svace.
---
 src/bin/pg_dump/compress_zstd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/bin/pg_dump/compress_zstd.c b/src/bin/pg_dump/compress_zstd.c
index 1f7b4942706..cb595b10c2d 100644
--- a/src/bin/pg_dump/compress_zstd.c
+++ b/src/bin/pg_dump/compress_zstd.c
@@ -142,6 +142,7 @@ EndCompressorZstd(ArchiveHandle *AH, CompressorState *cs)
 	/* output buffer may be allocated in either mode */
 	pg_free(zstdcs->output.dst);
 	pg_free(zstdcs);
+	cs->private_data = NULL;
 }
 
 static void
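Review bot: on the added `cs->private_data = NULL;` line, the commit subject describes a dangling-pointer fix, but the hunk shows the assignment as the last statement of EndCompressorZstd(), with nothing visible reading cs->private_data after pg_free(zstdcs). Consider wording the subject as a consistency or hardening change, and adding a one-line comment above the assignment saying that it matches the other EndCompressor implementations, so the change is not mistaken for a fix to a reachable use-after-free.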
-- 
2.42.4
