From e42e2f38907681c48c43f49c5ec9f9f41a9aa9a5 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Tue, 28 Nov 2017 11:28:05 -0500
Subject: [PATCH] PL/Python: Fix potential NULL pointer dereference

After d0aa965c0a0ac2ff7906ae1b1dad50a7952efa56, one error path in
PLy_spi_execute_fetch_result() could result in the variable "result"
being dereferenced after being set to NULL.  To fix that, just clear the
resources right there and return early.

Also add another SPI_freetuptable() call so that that is cleared in all
error paths.

discovered by John Naylor <jcnaylor@gmail.com> via scan-build
---
 src/pl/plpython/plpy_spi.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/pl/plpython/plpy_spi.c b/src/pl/plpython/plpy_spi.c
index ade27f3924..c80ccf6129 100644
--- a/src/pl/plpython/plpy_spi.c
+++ b/src/pl/plpython/plpy_spi.c
@@ -361,7 +361,10 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, uint64 rows, int status)
 
 	result = (PLyResultObject *) PLy_result_new();
 	if (!result)
+	{
+		SPI_freetuptable(tuptable);
 		return NULL;
+	}
 	Py_DECREF(result->status);
 	result->status = PyInt_FromLong(status);
 
@@ -414,7 +417,9 @@ PLy_spi_execute_fetch_result(SPITupleTable *tuptable, uint64 rows, int status)
 				if (!result->rows)
 				{
 					Py_DECREF(result);
-					result = NULL;
+					MemoryContextDelete(cxt);
+					SPI_freetuptable(tuptable);
+					return NULL;
 				}
 				else
 				{
-- 
2.40.0