Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w9oxr-001muz-00
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 18:46:23 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w9oxo-00BKI4-1b
	for pgsql-hackers@arkaria.postgresql.org;
	Mon, 06 Apr 2026 18:46:20 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <andres@anarazel.de>)
	id 1w9oxo-00BKHv-0f
	for pgsql-hackers@lists.postgresql.org;
	Mon, 06 Apr 2026 18:46:20 +0000
Received: from fhigh-a8-smtp.messagingengine.com ([103.168.172.159])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <andres@anarazel.de>)
	id 1w9oxl-00000000wkL-3TaX
	for pgsql-hackers@lists.postgresql.org;
	Mon, 06 Apr 2026 18:46:20 +0000
Received: from phl-compute-01.internal (phl-compute-01.internal [10.202.2.41])
	by mailfhigh.phl.internal (Postfix) with ESMTP id 811E2140011C;
	Mon,  6 Apr 2026 14:46:16 -0400 (EDT)
Received: from phl-frontend-03 ([10.202.2.162])
  by phl-compute-01.internal (MEProxy); Mon, 06 Apr 2026 14:46:16 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=anarazel.de; h=
	cc:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1775501176;
	 x=1775587576; bh=lMTjrGw3QLRreoYzjHU7Iu9cp8A+2qCYLL6GqjTg/Bg=; b=
	MLfJ2GBTgxbk6aAsfoWD0c3YPAkKlyPvp2XHqLvpQrmXhk+P+rfhrOluUQajnhfZ
	rSm8trvjuh3QnVCORsvdZHDG6XxIs9kY13qsskcFso9ffwGl6k+fzRCK5UgQVpfa
	bYMdMPEtcBFV6EWAv0Rv2xFDencMP3snZUVH4+a1juRQxXkbTf/xEvfEh71r49Pr
	FUJmGO1A/YyNEgx7BJwG5lFVK0eEKDIpwsL/YNvBQs2zFzKtDpnteYkn4ZhH+WSd
	qa0Gdzv3QiqpN5wTOQFFu6VYxD0R2CeavkkdOvMSvBcRcbciVl7NNKHovzAfmynw
	tmK88BfRu1rLCsDRPeUbdw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1775501176; x=
	1775587576; bh=lMTjrGw3QLRreoYzjHU7Iu9cp8A+2qCYLL6GqjTg/Bg=; b=O
	7LmcBUAtnOTXVRRZa8eCFRr2/gtFHOu8b5bUjkVhcvCsSc84at9PMfN1gYkMw1HU
	8YTVdjC90oCwwyDfIcMf8wWVDKkaXcRD8wylXDos9XPyjEWdhMQ/203U+s9dJULi
	lGxQD0o5RfzsL6UuL7U6KfrqH2FkEqIm6z9uiUowRsb9ZwJZxw/rJDMYTpUrPRwg
	gUH62WWi8yMBPKjzOn8H3+kva1iK8Ek1FGVvqfWxBgQgzkkc8jTnfSV3TnIsa4eM
	FkQFGb58BnucSJF5M35YgFRv1Rusqm3chslkeZB9WHot5ZN/eMxxvHvY/2II9r9j
	6b4Yylo/gIstg58Q1CqHA==
X-ME-Sender: <xms:d__TafyayCg4xxH4LIDp9Su2KZbrnQRiVR8hFJHlu93YPkkvn16c_Q>
    <xme:d__TaR1z4m6qQXAB4mgz2XtyH7HPOom8DtiWuN9QjUp73rxklYN4iA4T-HJRL71wQ
    3MuKKItGGckUi2ubQO4zgm1lX_f-vamSLSgNq02AiUHH95OF84V>
X-ME-Received: 
 <xmr:d__TaV4fs8f2IT4qqHBZXZ4UV72ci3t1ydQrnUE2e3hYawKFjhG9jrm8ZxIY6OWgJf0fKw>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgddukeehtdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpeffhffvvefukfhfgggtugfgjgestheksfdttddtjeenucfhrhhomheptehnughrvghs
    ucfhrhgvuhhnugcuoegrnhgurhgvshesrghnrghrrgiivghlrdguvgeqnecuggftrfgrth
    htvghrnheptdelledvgfejvdffieeukeefueelfffhgeffhffgffekveeuheeihefhiefg
    hfdvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprg
    hnughrvghssegrnhgrrhgriigvlhdruggvpdhnsggprhgtphhtthhopeegpdhmohguvgep
    shhmthhpohhuthdprhgtphhtthhopehjrggtohgsrdgthhgrmhhpihhonhesvghnthgvrh
    hprhhishgvuggsrdgtohhmpdhrtghpthhtohepphhgshhqlhdqhhgrtghkvghrsheslhhi
    shhtshdrphhoshhtghhrvghsqhhlrdhorhhgpdhrtghpthhtoheprghnughrvggrshesph
    hrohigvghlrdhsvgdprhgtphhtthhopehgrghlkhhinhesrhhuthhokhgvnhdrrhhu
X-ME-Proxy: <xmx:d__TacUEXBEqDgI4LXT313h2ujl_tAp-WJ6NO1jLz4k45sHgVbtJ8A>
    <xmx:d__TacBTqZorv25GRI2NeUog7Jkr0Jc3jok43Hkp6PQqO62wF7tuOg>
    <xmx:d__TaT48Qjhgm1_JyX1u7UwphGxkyLNMAjtRbHv2BbwazHY3Ahm-bw>
    <xmx:d__TafxAqN7nSJMHj8Uoe1QG35rN65cZZY3oie0NkYA9TGyRsO6SgQ>
    <xmx:eP_TaXlgBWrPJO0J0aKMRjQvNjiXN7MGv2xJZiCo_qiBsHW82DuRvB0U>
Feedback-ID: id4a34324:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 6 Apr 2026 14:46:15 -0400 (EDT)
Date: Mon, 6 Apr 2026 14:46:14 -0400
From: Andres Freund <andres@anarazel.de>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: Andreas Karlsson <andreas@proxel.se>,
	=?utf-8?B?0JPQsNC70LrQuNC9INCh0LXRgNCz0LXQuQ==?= <galkin@rutoken.ru>,
	"pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Subject: Re: DEREF_AFTER_NULL: src/common/jsonapi.c:2529
Message-ID: <leyiwkml7kyrdxwjzhcmmi6rtyxxwofokfxhlkpbagfprmbqw2@jxdckvomcmug>
References: <0b32e30f2fb94ae3b7f4ee15bbb072c0@rutoken.ru>
 <107eb23a-8ebb-42bc-99c0-ca551733e94e@proxel.se>
 <CAOYmi+muy=Wtk0dv6J5HmcFTMvrPMe2MGN2X+hjZL7DKSUEXLQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: 
 <CAOYmi+muy=Wtk0dv6J5HmcFTMvrPMe2MGN2X+hjZL7DKSUEXLQ@mail.gmail.com>
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/leyiwkml7kyrdxwjzhcmmi6rtyxxwofokfxhlkpbagfprmbqw2%40jxdckvomcmug>
Precedence: bulk

Hi,

On 2026-04-06 10:57:22 -0700, Jacob Champion wrote:
> On Mon, Apr 6, 2026 at 4:59 AM Andreas Karlsson <andreas@proxel.se> wrote:
> > The code is correct but a bit confusing.
> 
> Yeah, it's not great. The need for this (security-critical!) code to
> wrangle three separate allocation conventions is error-prone, to say
> the least.

Indeed, that's quite terrible.

I guess getting rid of the stringinfo/pqexpbuffer split is not that easy, but
at least the common memory allocation stuff seems like it should be doable to
put through through the same wrappers for both FE/BE, handling whether we want
to error out or not by passing MCXT_ALLOC_NO_OOM or not.

That would require something like pstrdup_extended() to be added to both FE &
BE, but that seems doable?

I don't understand why that code needs stuff like

/*
 * Backend pfree() doesn't handle NULL pointers like the frontend's does; smooth
 * that over to reduce mental gymnastics. Avoid multiple evaluation of the macro
 * argument to avoid future hair-pulling.
 */
#define FREE(s) do {	\
	void *__v = (s);	\
	if (__v)			\
		pfree(__v);		\
} while (0)

How is the only sane answer here not to avoid ever freeing NULLs?
Particularly because this code started out as backend code. Yea, yea, we
probably didn't have NULLs due to erroring out on allocation failure, but
still.

Kinda seems like the fe_memutils.c pfree() should assert that the argument is
not null.




> > adding this noop NULL check to silence a false positive from a
> > static analyzer does not seem like an improvement.
> 
> We do occasionally merge code to silence false positives, and we could
> maybe do something with pg_assume() here, but I agree that it'd be
> better to refactor it so that it's obviously correct.

FWIW, it can be silenced by marking makeStringInfoExt() with
__attribute__((returns_nonnull)). Whether that's worth doing is a different
question.


Greetings,

Andres Freund