Hi,

While checking the initdb code, I found a segmentation fault; the stack trace is:

Core was generated by `./initdb -D data6'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000040ea22 in main (argc=3, argv=0x7ffc82237308) at initdb.c:3340
3340 printf(_("\nSuccess. You can now start the database server using:\n\n"
The analysis is given below: createPQExpBuffer allocates memory and returns the pointer; there is a possibility that createPQExpBuffer returns a NULL pointer in case of malloc failure, but initdb's main function does not check this condition. When malloc fails and the pointer is accessed, the result is a segmentation fault. I made changes to check and exit if createPQExpBuffer returns a NULL pointer. The patch is attached. Let me know your thoughts. A similar issue exists in a few other places; if these changes are OK, I can check and fix the issue in the other places also.

Regards,
Vignesh
EnterpriseDB: http://www.enterprisedb.com
From c1787a74deeb8b0162684219136819a36a771e3e Mon Sep 17 00:00:00 2001
From: vignesh <vignesh@localhost.localdomain>
Date: Tue, 19 Nov 2019 19:48:38 +0530
Subject: [PATCH] initdb crash fix when createPQExpBuffer returns NULL pointer.

createPQExpBuffer allocates memory and returns the pointer; there is a possibility that createPQExpBuffer can return a NULL pointer in case of malloc failure, but initdb's main function does not check this condition. Made changes to check and exit if createPQExpBuffer returns a NULL pointer.

--- src/bin/initdb/initdb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 88a261d..a428a91 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -3318,6 +3318,11 @@ main(int argc, char *argv[]) * Build up a shell command to tell the user how to start the server */ start_db_cmd = createPQExpBuffer(); + if (!start_db_cmd) + { + pg_log_error("out of memory"); + exit(1); + } /* Get directory specification used to start initdb ... */ strlcpy(pg_ctl_path, argv[0], sizeof(pg_ctl_path)); -- 1.8.3.1
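Review bot: the `if (!start_db_cmd)` check in this hunk only covers the allocation of the PQExpBuffer struct itself; the appends that "Build up a shell command" into start_db_cmd after this point can also run out of memory, and libpq reports that by marking the buffer broken rather than by returning NULL, so an OOM during the appends still reaches the printf at initdb.c:3340 with an empty or truncated command. Suggest testing PQExpBufferBroken(start_db_cmd) (which also covers the NULL case) right before the command is printed, with the same pg_log_error("out of memory"); exit(1); handling, and, since the cover mail says the same unchecked pattern recurs elsewhere in initdb, applying one consistent check at every createPQExpBuffer() call site rather than a one-off per call.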
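To make the failure mode discussed above reproducible without a real malloc() failure, here is an added example (not PostgreSQL's or the patch author's code) that mimics the createPQExpBuffer() pattern with a simplified stand-in buffer and a fault-injecting allocator. The xbuf_* names, the fail_at selector and the command format string are assumptions of this example; build_start_cmd() shows the caller doing what the patch adds (bail out on a NULL buffer) and also checking the later append, which in libpq would be the PQExpBufferBroken() case.

```c
/* Added example, not PostgreSQL code: a simplified PQExpBuffer stand-in plus
 * a fault-injecting allocator, so the malloc()-failure path in the
 * createPQExpBuffer() pattern can be exercised deterministically. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for libpq's PQExpBufferData. */
typedef struct xbuf
{
    char   *data;
    size_t  len;
    size_t  maxlen;
} xbuf;

/* Fault injection: the xbuf_fail_at-th allocation (1-based) returns NULL; 0 = never. */
static int xbuf_fail_at = 0;
static int xbuf_alloc_count = 0;

static void *
xbuf_malloc(size_t n)
{
    xbuf_alloc_count++;
    if (xbuf_alloc_count == xbuf_fail_at)
        return NULL;                   /* simulate malloc() failure */
    return malloc(n);
}

/* Like createPQExpBuffer(): returns NULL when allocation fails. */
static xbuf *
xbuf_create(void)
{
    xbuf *b = xbuf_malloc(sizeof(*b));

    if (b == NULL)
        return NULL;
    b->maxlen = 64;
    b->data = xbuf_malloc(b->maxlen);
    if (b->data == NULL)
    {
        free(b);
        return NULL;
    }
    b->data[0] = '\0';
    b->len = 0;
    return b;
}

static void
xbuf_destroy(xbuf *b)
{
    if (b != NULL)
    {
        free(b->data);
        free(b);
    }
}

/* Append formatted text, growing the buffer as needed. Returns 0 on success,
 * -1 if growth failed (libpq marks the buffer "broken" instead; callers must
 * then check PQExpBufferBroken()). */
static int
xbuf_appendf(xbuf *b, const char *fmt, ...)
{
    for (;;)
    {
        va_list ap;
        size_t  avail = b->maxlen - b->len;
        size_t  newmax;
        char   *nd;
        int     n;

        va_start(ap, fmt);
        n = vsnprintf(b->data + b->len, avail, fmt, ap);
        va_end(ap);
        if (n < 0)
            return -1;
        if ((size_t) n < avail)
        {
            b->len += (size_t) n;      /* it fit */
            return 0;
        }
        /* Output was truncated: grow and retry. */
        newmax = b->maxlen * 2;
        while (newmax <= b->len + (size_t) n)
            newmax *= 2;
        nd = xbuf_malloc(newmax);
        if (nd == NULL)
        {
            b->data[b->len] = '\0';    /* drop the truncated tail */
            return -1;
        }
        memcpy(nd, b->data, b->len + 1);
        free(b->data);
        b->data = nd;
        b->maxlen = newmax;
    }
}

/* The initdb pattern with the patch's check in place and the append checked
 * too. fail_at selects which allocation (if any) fails. Returns a malloc()'d
 * command string, or NULL on out-of-memory; the caller frees it. */
char *
build_start_cmd(const char *pg_ctl_path, const char *datadir, int fail_at)
{
    xbuf   *cmd;
    char   *out;

    xbuf_fail_at = fail_at;
    xbuf_alloc_count = 0;

    cmd = xbuf_create();
    if (cmd == NULL)
        return NULL;                   /* unpatched initdb would crash here */
    if (xbuf_appendf(cmd, "%s -D %s -l logfile start", pg_ctl_path, datadir) != 0)
    {
        xbuf_destroy(cmd);
        return NULL;                   /* the "broken buffer" case */
    }
    out = malloc(cmd->len + 1);
    if (out != NULL)
        memcpy(out, cmd->data, cmd->len + 1);
    xbuf_destroy(cmd);
    return out;
}
```

Calling build_start_cmd() with fail_at set to 1 or 2 reproduces the NULL return from the create step; a data directory long enough to force the buffer to grow, with fail_at set to 3, reproduces the OOM during the append, which a NULL check on the create call alone would not catch.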