From: Stephen Frost Date: Mon, 15 Jul 2013 18:53:17 +0000 (-0400) Subject: Check get_tle_by_resno() result before deref X-Git-Tag: REL9_4_BETA1~1322 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4ed22e891f9915b02b753ee8763a8f2438234fc6;p=postgresql Check get_tle_by_resno() result before deref When creating a sort to support a group by, we need to look up the target entry in the target list by the resno using get_tle_by_resno(). This particular code-path didn't check the result prior to attempting to dereference it, while all other callers did. While I can't see a way for this usage of get_tle_by_resno() to fail (you can't ask for a column to be sorted on which isn't included in the group by), it's probably best to check that we didn't end up with a NULL somehow anyway than risk the segfault. I'm willing to back-patch this if others feel it's necessary, but my guess is new features are what might tickle this rather than anything existing. Missing check spotted by the Coverity scanner. --- diff --git a/src/backend/optimizer/plan/createplan.c b/src/backend/optimizer/plan/createplan.c index 52bab79007..2560e9cbc1 100644 --- a/src/backend/optimizer/plan/createplan.c +++ b/src/backend/optimizer/plan/createplan.c @@ -4188,6 +4188,9 @@ make_sort_from_groupcols(PlannerInfo *root, SortGroupClause *grpcl = (SortGroupClause *) lfirst(l); TargetEntry *tle = get_tle_by_resno(sub_tlist, grpColIdx[numsortkeys]); + if (!tle) + elog(ERROR, "could not retrive tle for sort-from-groupcols"); + sortColIdx[numsortkeys] = tle->resno; sortOperators[numsortkeys] = grpcl->sortop; collations[numsortkeys] = exprCollation((Node *) tle->expr);