From: David Rowley <drowley@postgresql.org>
Date: Wed, 19 Apr 2023 22:34:46 +0000 (+1200)
Subject: Fix list_copy_head() with empty Lists
X-Git-Tag: REL_16_BETA1~163
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e35ded29566f679e52888a8d34468bb51bc78bed;p=thirdparty%2Fpostgresql.git

Fix list_copy_head() with empty Lists

list_copy_head() given an empty List would crash from trying to
dereference the List to obtain its length.  Since NIL is how we represent
an empty List, we should just be returning another empty List in this
case.

list_copy_head() is new to v16, so let's fix it now before too many people
start coding around the buggy NIL behavior.

Reported-by: Miroslav Bendik
Discussion: https://postgr.es/m/CAPoEpV02WhawuWnmnKet6BqU63bEu7oec0pJc=nKMtPsHMzTXQ@mail.gmail.com
---

diff --git a/src/backend/nodes/list.c b/src/backend/nodes/list.c
index a709d23ef1c..750ee5a7e55 100644
--- a/src/backend/nodes/list.c
+++ b/src/backend/nodes/list.c
@@ -1593,11 +1593,11 @@ list_copy_head(const List *oldlist, int len)
 {
 	List	   *newlist;
 
-	len = Min(oldlist->length, len);
-
-	if (len <= 0)
+	if (oldlist == NIL || len <= 0)
 		return NIL;
 
+	len = Min(oldlist->length, len);
+
 	newlist = new_list(oldlist->type, len);
 	memcpy(newlist->elements, oldlist->elements, len * sizeof(ListCell));