public inbox for [email protected]  
From: Ashesh Vashi <[email protected]>
To: Галкин Сергей <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529
Date: Mon, 6 Apr 2026 14:10:25 +0530
Message-ID: <CAG7mmoy9DR-_tCintwCjcWJO5KbyLCikqffFox1-_vXkJwZHpw@mail.gmail.com>
In-Reply-To: <[email protected]>
References: <[email protected]>

This is the email chain for pgAdmin hackers (and not PostgreSQL hackers).
Please share your patch at [email protected].

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com>

<http://www.linkedin.com/in/asheshvashi>

On Mon, Apr 6, 2026 at 1:40 PM Галкин Сергей <[email protected]> wrote:

> Hello, a static analyzer pointed out a possible NULL dereference at the
> end of json_errdetail() (src/common/jsonapi.c):
>
> return lex->errormsg->data;
>
> That seemed plausible to me, since there is a comment just above saying
> that lex->errormsg can be NULL in shlib code. I also checked
> PQExpBufferBroken(), and it does handle NULL, but that call is under
> #ifdef, while the final access to lex->errormsg->data is unconditional.
>
> I may be missing some invariant here, but it seems worth adding an
> explicit NULL check. I prepared a corresponding patch and am attaching it
> below in case you agree that this is a real issue.
>
> diff --git a/src/common/jsonapi.c b/src/common/jsonapi.c
> index 1145d93945f..192040b5443 100644
> --- a/src/common/jsonapi.c
> +++ b/src/common/jsonapi.c
> @@ -2525,6 +2525,9 @@ json_errdetail(JsonParseErrorType error,
> JsonLexContext *lex)
>      if (PQExpBufferBroken(lex->errormsg))
>          return _("out of memory while constructing error description");
>  #endif
> +
> +    if (!lex->errormsg)
> +        return _("out of memory while constructing error description");
>
>      return lex->errormsg->data;
>  }
>
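Review bot: The added `if (!lex->errormsg)` check after `#endif` has no comment saying which build can reach it with a NULL errormsg, and it repeats the translatable string from the `PQExpBufferBroken()` branch just above it. The message above states that PQExpBufferBroken() already handles NULL, so wherever the `#ifdef` branch is compiled in, the new test can never be true; consider making it the `#else` arm of that conditional (or otherwise folding the two returns together) and adding a one-line comment that points at the existing note about errormsg being NULL in shlib code. It is also worth confirming that "out of memory" is the right description for a NULL errormsg, since the hunk does not show that allocation failure is the only way to get there.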
> Best regards, Galkin Sergey
>
>

