Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1w9fVo-001dNA-0i
	for pgadmin-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 08:40:48 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgadmin-hackers-owner+archive@lists.postgresql.org>)
	id 1w9fVm-007KiA-1J
	for pgadmin-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 08:40:46 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ashesh.vashi@enterprisedb.com>)
	id 1w9fVm-007Ki2-0O
	for pgadmin-hackers@lists.postgresql.org;
	Mon, 06 Apr 2026 08:40:46 +0000
Received: from mail-ej1-x633.google.com ([2a00:1450:4864:20::633])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <ashesh.vashi@enterprisedb.com>)
	id 1w9fVi-00000000s54-3YYi
	for pgadmin-hackers@lists.postgresql.org;
	Mon, 06 Apr 2026 08:40:45 +0000
Received: by mail-ej1-x633.google.com with SMTP id
 a640c23a62f3a-b9c1cc4e33dso42690566b.3
        for <pgadmin-hackers@lists.postgresql.org>;
 Mon, 06 Apr 2026 01:40:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1775464837; cv=none;
        d=google.com; s=arc-20240605;
        b=MIHEOOqecV22rIuRNUzAMSijD+VNwV0th/y/fUmnJWyFiBho1qM2mnIGrg0kj8f4mj
         vnauIQFFdTRYdYCk1cIlqUP6XU2gCOpmHRjfnBhYIQWuvTiXAAj2H8sbboKY/JEIcGW6
         /hOmA3QIulAKWQzvrLoTOHMqbGUhWovg2E7VJ7hPRF5z2huknAmlv17MA3Xx2O3ekGiB
         nq5jAqsXFAD6AUayYFSWd1rV/BxCHXVn7jDQkEE3yRFi2TWLBCkS01bK4MQB47EQ0nuo
         tNY8ZnMN3hAoc2vRxR6yOJaK50L6SdSQPBg19BAcRyoAkaUgdFcFb7fkpTmv14hYW5z1
         b2kw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=1cC6Okm5HgkMKvYPk6CPDKqDKt8jEgMwR6WQ/esoC5k=;
        fh=KJ00nX4GWnJzi6w5L2MCrji81QccR5hrL2216gD7obY=;
        b=aqcxnJmR4RWWTwienIR+ufxNajZvIGlucfeBePd2ZLNxL7DXekoBYdmw4/d1a1JvPq
         BTzeJhGeIEBkQRXkcRI1fKrVOQTaI9zjuZIUGmrt68YMB6/Oi25LHa/eVWKHMbXocnqp
         63fEl7rqjufiwP2LRhuGQEUtomY3SiVpOk+Fe7dK6/530SINNQiPt7Tpp28ZNwsWKj2s
         jziuCqLhBvG6s4Wz6fWIh9FLSmuyMTYf9rTkJDD1FB+1Q8aQF3On7d5/dWWY5L+tI69u
         +9eTfUhawaB0pB7SwpxzfBjT6Po0TWvwtHoRijnUvSa9EMiEMart7HG+crglBpjohGvj
         EroA==;
        darn=lists.postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1775464837; x=1776069637;
 darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=1cC6Okm5HgkMKvYPk6CPDKqDKt8jEgMwR6WQ/esoC5k=;
        b=OwhVi+/eholGMipFag5pmfeGPaG2fbla+o+otkbKK8v+Ra+SjUon8tJnZTInHMUjRJ
         mdcZ/OM6NwncNBvLQRYerlKnFE2l8xRuCBfu+9SIcYUPNV91L6l5GNneS38myOzHukfD
         1gArOHG1WuFW7S9txLmI8XogttSx3ykvakfMjEeyrSKxxArmGpWN/REEFYSpgv7iZYIt
         Zia2ej3r8SwmBeKRtMJoy3o2X2YUJ20nIkW50D+RFZ5YplmMwTXGreehCgB9m/qFbVJR
         CwocHiBaBhQsGr5PY9SHubnpEaYBv5E5/aXpRgLxIJQ9VpwK7OHWurdzEOJbaQFCnXLo
         8Odw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1775464837; x=1776069637;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=1cC6Okm5HgkMKvYPk6CPDKqDKt8jEgMwR6WQ/esoC5k=;
        b=R/ndWj6Xg1jFVgcBY5Z86BJHyvEDnaQBakc6qzES6uOKLU/JiQ1rGIQK9nbzgNXxjA
         5Y3f3WIDJgDVWhNHmx+IjBbft7FcgXy3zE81PcbAlXPP30CbtdsV3JlXU3G6j2rNHxZ6
         sI6QCfOSmNIc68wEcTeumfSQNYbgJUMuR+4PRPDf6fsitBzBWKRxWy33cdfl5GzX1UMU
         SEzxtb+kJvrR8PnssuSmXNcthjTxHWiBCvtc8hiDTfjO2dsdL17fgrNVRwB7Ila2XIkq
         xFjuTf7Izc5NcmOf+Uz5oiBeRbk0Y5dqqEe9pj4J0vwzZi3sq093VnbPO+lW+USPCCOz
         sTyw==
X-Gm-Message-State: AOJu0YzdtF3Rx8DRkR2NCDRj6PieaQvPkFMIJbMK6Oc4SaRgHRfcvtsV
	GC4HvOG1UX56SkfkdvlHxQYcF6FSAryiYm3lGeH5qIXxOazG6PiiycoKyvpmZtq47G/SqedYfWB
	0Wn9n5fTwBw+2FL4yz0oFSXWUp7yiufdFGrER5dE2A06TbSr3vZOpVUhn
X-Gm-Gg: AeBDieuiJaQI8z0jl70206LyKvc5dDzLVUyp0TM0TrF5kFfe9Xp9D+cJBf7RWs8+Bbp
	p1hc+0X2IplZeEJDL7hynzvmNSbgEytr9awuYc28F8rwsqVpbYmoxvvwJ2Q7ObHVzwqZZgoShda
	a8L2r3HYhxEiPZ130IUP+qvs/6Oq0mRb5TqIbk+7ii7f467R5IbO6PfTGfINbyH57S0fVrfOhDQ
	C6k9Ut5CsPcqllnJymOvw7Qpe8VwdOrDBCQZkDezuF6h6RXIGZNQr48lG0ZchIrfrrffXhLX+zc
	efuDWMeH
X-Received: by 2002:a05:6402:1e89:b0:66b:ea0f:f50a with SMTP id
 4fb4d7f45d1cf-66e3f86b9e3mr2450539a12.5.1775464836548; Mon, 06 Apr 2026
 01:40:36 -0700 (PDT)
MIME-Version: 1.0
References: <6c6cc4b06b8e4f3ab91029c5e7f2e479@rutoken.ru>
In-Reply-To: <6c6cc4b06b8e4f3ab91029c5e7f2e479@rutoken.ru>
From: Ashesh Vashi <ashesh.vashi@enterprisedb.com>
Date: Mon, 6 Apr 2026 14:10:25 +0530
X-Gm-Features: AQROBzCjOly0lCVPq7_r3OQuHIid2-Gk_2xIZ-NaTn2z1UlFXkY_piFoVPoU00M
Message-ID: 
 <CAG7mmoy9DR-_tCintwCjcWJO5KbyLCikqffFox1-_vXkJwZHpw@mail.gmail.com>
Subject: Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529
To: =?UTF-8?B?0JPQsNC70LrQuNC9INCh0LXRgNCz0LXQuQ==?= <galkin@rutoken.ru>
Cc: "pgadmin-hackers@lists.postgresql.org"
 <pgadmin-hackers@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000e4db38064ec69e98"
List-Id: <pgadmin-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgadmin-hackers@lists.postgresql.org>
List-Owner: <mailto:pgadmin-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgadmin-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAG7mmoy9DR-_tCintwCjcWJO5KbyLCikqffFox1-_vXkJwZHpw%40mail.gmail.com>
Precedence: bulk

--000000000000e4db38064ec69e98
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

This is email chain for pgAdmin hackers (and - not PostgreSQL hackers).
Please share your patch at pgsql-hackers@postgresql.org .

--

Thanks & Regards,

Ashesh Vashi
EnterpriseDB INDIA: Enterprise PostgreSQL Company
<http://www.enterprisedb.com>


*http://www.linkedin.com/in/asheshvashi*
<http://www.linkedin.com/in/asheshvashi>


On Mon, Apr 6, 2026 at 1:40=E2=80=AFPM =D0=93=D0=B0=D0=BB=D0=BA=D0=B8=D0=BD=
 =D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9 <galkin@rutoken.ru> wrote:

> Hello, a static analyzer pointed out a possible NULL dereference at the
> end of json_errdetail() (src/common/jsonapi.c):
>
> return lex->errormsg->data;
>
> That seemed plausible to me, since there is a comment just above saying
> that lex->errormsg can be NULL in shlib code. I also checked
> PQExpBufferBroken(), and it does handle NULL, but that call is under
> #ifdef, while the final access to lex->errormsg->data is unconditional.
>
> I may be missing some invariant here, but it seems worth adding an
> explicit NULL check. I prepared a corresponding patch and am attaching it
> below in case you agree that this is a real issue.
>
> diff --git a/src/common/jsonapi.c b/src/common/jsonapi.c
> index 1145d93945f..192040b5443 100644
> --- a/src/common/jsonapi.c
> +++ b/src/common/jsonapi.c
> @@ -2525,6 +2525,9 @@ json_errdetail(JsonParseErrorType error,
> JsonLexContext *lex)
>      if (PQExpBufferBroken(lex->errormsg))
>          return _("out of memory while constructing error description");
>  #endif
> +
> +    if (!lex->errormsg)
> +        return _("out of memory while constructing error description");
>
>      return lex->errormsg->data;
>  }
>
> Best regards, Galkin Sergey
>
>

--000000000000e4db38064ec69e98
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>This is email chain for pgAdmin hackers (and - not Po=
stgreSQL hackers).<br>Please share your patch at=C2=A0<a href=3D"mailto:pgs=
ql-hackers@postgresql.org">pgsql-hackers@postgresql.org</a> .<br><br></div>=
<div><div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_sig=
nature"><div dir=3D"ltr"><div><div dir=3D"ltr"><div style=3D"margin:0pt 0pt=
 8px"><p style=3D"margin:0pt"><span style=3D"font-family:courier new,monosp=
ace"><span style=3D"font-style:italic"><span>--</span></span></span></p><p =
style=3D"margin:0pt"><span style=3D"font-family:courier new,monospace"><spa=
n style=3D"font-style:italic"><span>Thanks &amp; Regards,</span></span><br =
style=3D"font-style:italic"><br style=3D"font-style:italic"><span style=3D"=
font-style:italic">Ashesh Vashi</span><br style=3D"font-style:italic"><span=
 style=3D"font-style:italic">EnterpriseDB INDIA: </span><a href=3D"http://w=
ww.enterprisedb.com" target=3D"_blank">Enterprise PostgreSQL Company</a></s=
pan></p>
<p style=3D"margin:0pt"><span style=3D"font-family:courier new,monospace"><=
br></span></p>
<p style=3D"margin:0pt"><span style=3D"font-family:courier new,monospace"><=
a href=3D"http://www.linkedin.com/in/asheshvashi" target=3D"_blank"><i>http=
://www.linkedin.com/in/asheshvashi</i></a></span></p></div></div></div></di=
v></div></div><br></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" cla=
ss=3D"gmail_attr">On Mon, Apr 6, 2026 at 1:40=E2=80=AFPM =D0=93=D0=B0=D0=BB=
=D0=BA=D0=B8=D0=BD =D0=A1=D0=B5=D1=80=D0=B3=D0=B5=D0=B9 &lt;<a href=3D"mail=
to:galkin@rutoken.ru" target=3D"_blank">galkin@rutoken.ru</a>&gt; wrote:<br=
></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;=
border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>




<div dir=3D"ltr">
<div id=3D"m_557104293729814085m_-8217178607485408356divtagdefaultwrapper" =
style=3D"font-size:12pt;color:rgb(0,0,0);font-family:Calibri,Helvetica,sans=
-serif" dir=3D"ltr">
<p></p>
<div>Hello,=C2=A0a static analyzer pointed out a possible NULL dereference =
at the end of json_errdetail()=C2=A0(<span>src/common/jsonapi.c)</span>:<br=
>
<br>
return lex-&gt;errormsg-&gt;data;<br>
</div>
<div><br>
That seemed plausible to me, since there is a comment just above saying tha=
t lex-&gt;errormsg can be NULL in shlib code. I also checked PQExpBufferBro=
ken(), and it does handle NULL, but that call is under #ifdef, while the fi=
nal access to lex-&gt;errormsg-&gt;data is
 unconditional.<br>
<br>
I may be missing some invariant here, but it seems worth adding an explicit=
 NULL check. I<span>=C2=A0prepared a corresponding patch and am attaching i=
t below in case you agree that this is a real issue.</span><br>
<br>
<div>diff --git a/src/common/jsonapi.c b/src/common/jsonapi.c<br>
index 1145d93945f..192040b5443 100644<br>
--- a/src/common/jsonapi.c<br>
+++ b/src/common/jsonapi.c<br>
@@ -2525,6 +2525,9 @@ json_errdetail(JsonParseErrorType error, JsonLexConte=
xt *lex)<br>
=C2=A0 =C2=A0 =C2=A0if (PQExpBufferBroken(lex-&gt;errormsg))<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return _(&quot;out of memory while constr=
ucting error description&quot;);<br>
=C2=A0#endif<br>
+=C2=A0 =C2=A0=C2=A0<br>
+=C2=A0 =C2=A0 if (!lex-&gt;errormsg)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 return _(&quot;out of memory while constructin=
g error description&quot;);<br>
=C2=A0<br>
=C2=A0 =C2=A0 =C2=A0return lex-&gt;errormsg-&gt;data;<br>
=C2=A0}</div>
<br>
Best regards, Galkin Sergey</div>
<p></p>
</div>
</div>

</div></blockquote></div>

--000000000000e4db38064ec69e98--