From: Robert Haas <rhaas@postgresql.org>
Date: Mon, 2 Dec 2013 15:40:33 +0000 (-0500)
Subject: Avoid out-of-bounds read in errfinish if error_stack_depth < 0.
X-Git-Tag: REL9_4_BETA1~844
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9d140f7be2836e3baf6c9dc7989dea69ef693532;p=postgresql

Avoid out-of-bounds read in errfinish if error_stack_depth < 0.

If errordata_stack_depth < 0, we won't find that out and correct the
problem until CHECK_STACK_DEPTH() is invoked.  In the meantime,
elevel will be set based on an invalid read.  This is probably
harmless in practice, but it seems cleaner this way.

Xi Wang
---

diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
index e648792d22..65eb3bd8de 100644
--- a/src/backend/utils/error/elog.c
+++ b/src/backend/utils/error/elog.c
@@ -397,12 +397,13 @@ void
 errfinish(int dummy,...)
 {
 	ErrorData  *edata = &errordata[errordata_stack_depth];
-	int			elevel = edata->elevel;
+	int			elevel;
 	MemoryContext oldcontext;
 	ErrorContextCallback *econtext;
 
 	recursion_depth++;
 	CHECK_STACK_DEPTH();
+	elevel = edata->elevel;
 
 	/*
 	 * Do processing in ErrorContext, which we hope has enough reserved space