Fix NULL pointer dereference in tuplesort.c.

Oversight in commit e94568ecc.  This could cause a crash when an external
datum tuplesort of a pass-by-value type required multiple passes.
Per report from Mithun Cy.

Peter Geoghegan

Discussion: https://postgr.es/m/CAD__OujuhfWFULGFSt1fyHqUb8N-XafjJhudwt88V0Qs2o84qg@mail.gmail.com

diff --git a/src/backend/utils/sort/tuplesort.c b/src/backend/utils/sort/tuplesort.c
index cbaf009cdfc0fb086c021a986e13b271824bd6c9..e1e692d5f0fe5e0fd4e0e62a1bca78ce6f85d4e9 100644 (file)
--- a/src/backend/utils/sort/tuplesort.c
+++ b/src/backend/utils/sort/tuplesort.c
@@ -2800,7 +2800,8 @@ mergeonerun(Tuplesortstate *state)
                WRITETUP(state, destTape, &state->memtuples[0]);
 
                /* recycle the slot of the tuple we just wrote out, for the next read */
-               RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple);
+               if (state->memtuples[0].tuple)
+                       RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple);
 
                /*
                 * pull next tuple from the tape, and replace the written-out tuple in