Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tM1RZ-0017uT-Ah for pgsql-hackers@arkaria.postgresql.org; Fri, 13 Dec 2024 08:54:41 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tM1RW-003POR-RT for pgsql-hackers@arkaria.postgresql.org; Fri, 13 Dec 2024 08:54:40 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tM1RW-003PO9-Gy for pgsql-hackers@lists.postgresql.org; Fri, 13 Dec 2024 08:54:39 +0000 Received: from air.basealt.ru ([193.43.8.18]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tM1RU-002blb-SW for pgsql-hackers@lists.postgresql.org; Fri, 13 Dec 2024 08:54:39 +0000 Received: from [10.4.129.65] (unknown [193.43.10.250]) by air.basealt.ru (Postfix) with ESMTPSA id 2D37E233A7; Fri, 13 Dec 2024 11:54:36 +0300 (MSK) Message-ID: <18bda8da-1ab0-4a4d-9aca-826610a244a8@altlinux.org> Date: Fri, 13 Dec 2024 11:54:35 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] Check for TupleTableSlot nullness before dereferencing From: Alexander Kuznetsov To: Daniel Gustafsson Cc: PostgreSQL Developers , egori@altlinux.org, nickel@altlinux.org Reply-To: kuznetsovam@altlinux.org References: <98e18ffc-c402-4710-ae28-6d6dbcf08e44@altlinux.org> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hello, ping. What do you think about reasoning below? Maybe we should consider proposing different patch for removing redundant check there? 09.10.2024 18:23, Alexander Kuznetsov wrote: > 03.10.2024 12:48, Daniel Gustafsson wrote: >>  From a quick reading we can only reach there after evaluating an expression, so >> can it really be null though?  This code hasn't changed all that much since >> 2009, if there was a reachable segfault on a null pointer deref I have a >> feeling we'd heard about it by now so some extra care seems warranted to ensure >> it's not a static analyzer false positive. > Thanks for your response! > It seems to me that dereferencing is possible under the following scenario: > [...] > This entire reasoning is based on the assumption that slot2 can theoretically be NULL, as there is such a check at line 968. > Is it possible that no errors have occurred because this condition has always been satisfied and is, perhaps, redundant, or maybe I'm misunderstanding something? -- Best regards, Alexander Kuznetsov