Avoid out-of-bounds read in errfinish if error_stack_depth < 0.

If errordata_stack_depth < 0, we won't find that out and correct the
problem until CHECK_STACK_DEPTH() is invoked.  In the meantime,
elevel will be set based on an invalid read.  This is probably
harmless in practice, but it seems cleaner this way.

Xi Wang

diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
index e648792d22e6a76004912366c0e01345134632a9..65eb3bd8decaa25fdbf6675ba9b7b4be05243244 100644 (file)
--- a/src/backend/utils/error/elog.c
+++ b/src/backend/utils/error/elog.c
@@ -397,12 +397,13 @@ void
 errfinish(int dummy,...)
 {
        ErrorData  *edata = &errordata[errordata_stack_depth];
-       int                     elevel = edata->elevel;
+       int                     elevel;
        MemoryContext oldcontext;
        ErrorContextCallback *econtext;
 
        recursion_depth++;
        CHECK_STACK_DEPTH();
+       elevel = edata->elevel;
 
        /*
         * Do processing in ErrorContext, which we hope has enough reserved space