Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w9rLp-001pe4-0k for pgsql-hackers@arkaria.postgresql.org; Mon, 06 Apr 2026 21:19:17 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w9rLn-00C5r5-1z for pgsql-hackers@arkaria.postgresql.org; Mon, 06 Apr 2026 21:19:16 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w9rLn-00C5qw-0v for pgsql-hackers@lists.postgresql.org; Mon, 06 Apr 2026 21:19:15 +0000 Received: from mail-qk1-x729.google.com ([2607:f8b0:4864:20::729]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w9rLk-00000000y3d-10nx for pgsql-hackers@lists.postgresql.org; Mon, 06 Apr 2026 21:19:14 +0000 Received: by mail-qk1-x729.google.com with SMTP id af79cd13be357-8d4ba1518afso313633785a.0 for ; Mon, 06 Apr 2026 14:19:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775510350; cv=none; d=google.com; s=arc-20240605; b=Qr5lw2UcsmgypxoO46Q/7MlEqQyhjbPstBwzgddm2/fYqQYDN7oSFzGUv7ZhQ2dqPb YKeAHfZnv4fgg+fClLWcyJYa3deEv4Yk/3o3iX6N/MIY2ndu2lz2Dw3/JhTz9ZIXvkfB 794ZeupsnyOGquzIzl9DjS/nvyZ6AfR9ZsqkfQtr95KZCd/pI6NkL26xwYrt3spgt5d5 6BR9/63b0AZy2JNpH50R45IDzcJNIW+7SBRSsfMdLy+zQwkDOuqA9qNYdN14uMqsGWIu fSpzVYC9vEKBnlQM9b8av65UbIkYnMKoLV0rLK69aRjjtRQ65gWqopCIRlx4RkrC5Tyr YFCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=V2/XlW0rDmVEaoWktnr8E0b/BPsuZQMz5LAaBIXGx0I=; fh=V4fM4Jok8Fgp31PUz/kqmAIV6wW3dAkw2/d3FRX+NOw=; b=XwDEI8Num2ZTY2SZ1ux2LDADRtNDWs1XT+z0378qawTisSfdTMS+bGhTgyr7rCz9xV 9bv7ng9xZxdqe1k4KpyoTkJ5TZrED+cnhFtvcjMaIz0Z+EgdcDDa8uce2+a1SCsUFoKR NuAp2ZbnpxhiUOcETXmdKYDGYJZgpxfmgnmRwU3OImMVIQTjLW7r8M55LudF9ix3qPN5 z5HeEInZAa8h5XM7lIds+r1ThmkgcoDRF66DUNMRXxCJsAcLtwCDjgN6LbG/Ae2RVcNo ca2FqRtoQc4sslIr5AOuDHlOvOViVqpQgmCRl24RLXmPLy3z5TZP3ynTM3udvvanwO09 Go2Q==; darn=lists.postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1775510350; x=1776115150; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=V2/XlW0rDmVEaoWktnr8E0b/BPsuZQMz5LAaBIXGx0I=; b=OWRHUy6TpHV3PwpdN0wjYGXhekUJe1JvyYOCK6imCOckH2riU9/hzaEbjVd1mm781y pVlDgsddY+DJDGIs9yKCItuwgjQZvBx22tWLopdLD8H79O2lXvwZ6lRGuGDMVBOC+F/T chzF5YOHXp1fBzBfUoFsk33J2amD+u0QSIEExxHbQ3TY/woqg5vcNVsAp1O7khDD2QF2 XLzWokdC1DGsehwtcvMWgJy/vbCyUw/GOVqQituo5ZweJZPBg94llABGkSqGHnXSOGMk JWIpLc/GfbyDxhncq5xk0Ed7N11J5MwJt17SN6e9zIOv/p287JgK0AdtJ1fPd/yxR3Iz FYGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775510350; x=1776115150; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=V2/XlW0rDmVEaoWktnr8E0b/BPsuZQMz5LAaBIXGx0I=; b=OQa1uSzQhVvP4lQoXbpX9J+fcqBfiENQZNwNFVkU5ywR65ZXoBTZenfhT8fjwzFVUY x199dAU48yNB3P+wWJHqtAn/H+3Ln10wByPZvQ27HIXtDujJgItoFnXP0egQolFMQkPA Dgpvjwc2Iv0niREAPtNWuyfGvZPkrRW9JAr4Eezxa65Hwlh+w55NkCRQYD1TGcM7y/Xg /apvtyQMgGe566X/f/kVTInViMRGlUdCBCRh6+z5Gct5tDIOdGAEJdbBqicB1Jqf5loE kjyC9/vPurq9IQVZuc5koqudNg2ijb8F5MgjDnIg/nf6vMQGUFRQIOxtdecYIaZO6g2Z ttiw== X-Forwarded-Encrypted: i=1; AJvYcCVJqSc6lzEA8DpPtOy8RgdctgVO/jCKASbSCsyD6ue7+bZnoOZeTPKPmSf3wtJ/SqJmlNiaF2x+xwF12WcO@lists.postgresql.org X-Gm-Message-State: AOJu0YwbosOvt7/73pTu+fD1AJQB2Q/dBzTp8xGssLfKhUGHhdwCBz+2 gCH321TW6eQ9G2OA18Ji8CusHfmT+lCqJElIBK1ct1+adrDqSu3LXh/gsazqy7hrEQ/oql7cCbK +HFgi7i+ycVsr7u6eoKOSRq4AFLBxGJIBsq++vZiczolQKNNrhcimjv2z X-Gm-Gg: AeBDiev1oyfMkJA6EaBdu5LR80Pf6C5zSttuPXhyzDmoFIlN8/OnuXHeM7BVZlXse6A Q0Q0G86+kKgbOtmhFUC0RU6HjOdqucD0cR7yB74vyDF0+fThCHopYFlIaM7iJ6YO5Zik+lbtQP6 kqdzl6IWpC0I1UjpBXLd/KYFXqnAKMuDT1htiYLG4muhqarBZCPrE1EKrkGDKdvSp7UEC8Kvi8G He6imJa1S6AMJqo7Ibgxr+/npsO3AdaOcvaXCNMLkkjQzG6j13d8/leWWYbo08DUQ7Owb6XIk+E wgbRGw/OFg== X-Received: by 2002:a05:620a:7009:b0:8d6:6db0:88de with SMTP id af79cd13be357-8d66db0985emr1155714985a.44.1775510349971; Mon, 06 Apr 2026 14:19:09 -0700 (PDT) MIME-Version: 1.0 References: <0b32e30f2fb94ae3b7f4ee15bbb072c0@rutoken.ru> <107eb23a-8ebb-42bc-99c0-ca551733e94e@proxel.se> In-Reply-To: From: Jacob Champion Date: Mon, 6 Apr 2026 14:18:59 -0700 X-Gm-Features: AQROBzD7GhTay9uELnJl9gNeavXTRzMYfmiWohcd4cbvPmxwc77RXJAawgjd__s Message-ID: Subject: Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529 To: Andres Freund Cc: Andreas Karlsson , =?UTF-8?B?0JPQsNC70LrQuNC9INCh0LXRgNCz0LXQuQ==?= , "pgsql-hackers@lists.postgresql.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, Apr 6, 2026 at 11:46=E2=80=AFAM Andres Freund = wrote: > I guess getting rid of the stringinfo/pqexpbuffer split is not that easy,= but > at least the common memory allocation stuff seems like it should be doabl= e to > put through through the same wrappers for both FE/BE, handling whether we= want > to error out or not by passing MCXT_ALLOC_NO_OOM or not. We can spell the abstraction layer differently, but how does that help us hide the complexity of the OOM behavior? IMO the difference in returning NULLs is the entire reason this code is difficult; the abstraction layer must necessarily leak [1]. > How is the only sane answer here not to avoid ever freeing NULLs? Maybe I didn't parse this question correctly, but I don't want to avoid freeing NULLs. It's entirely reasonable and normal to write code that frees NULLs. I understand from the server perspective that's not currently how it works, but I'm working on all of this from the client side: the unit tests run FRONTEND code rather than BACKEND, so I tripped over this hazard over and over again, and I filled it in so that hopefully no one else would have to. > Particularly because this code started out as backend code. Yea, yea, we > probably didn't have NULLs due to erroring out on allocation failure, but > still. > > Kinda seems like the fe_memutils.c pfree() should assert that the argumen= t is > not null. Maybe... but if we want to change this, I hope that we'll instead consider not naming a function "pfree" when sometimes it is actually "free"? Or else make pfree() behave like free() [2] so that we don't have to have that particular papercut at all anymore? It still doesn't help the OOM abstraction leak between libpq and the backend, as far as I can tell. > FWIW, it can be silenced by marking makeStringInfoExt() with > __attribute__((returns_nonnull)). Whether that's worth doing is a differe= nt > question. I wouldn't mind doing that too, necessarily, if it's still helpful (after fixing the core issue). Thanks! --Jacob [1] https://postgr.es/m/CAOYmi%2BmyshCL_yaWQiu54Kj5in93D5nPyw7yXj2jZnDKi73S= HQ%40mail.gmail.com [2] https://postgr.es/m/1074830.1655442689%40sss.pgh.pa.us