git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 21 Jul 2020 15:40:46 +0000 (11:40 -0400)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Tue, 21 Jul 2020 15:40:46 +0000 (11:40 -0400)
commit	b7103bbe34aa3d66f4618d0abdee5d3107ea8f91
tree	55cffe012d90f56fe60d878e6ea15f8b18fa3b97	tree
parent	798b4faefd205a8527afb82c9a87a419d2e06098	commit \| diff

Avoid direct C access to possibly-null pg_subscription_rel.srsublsn.

This coding technique is unsafe, since we'd be accessing off the end
of the tuple if the field is null.  SIGSEGV is pretty improbable, but
perhaps not impossible.  Also, returning garbage for the LSN doesn't
seem like a great idea, even if callers aren't looking at it today.

Also update docs to point out explicitly that
pg_subscription.subslotname and pg_subscription_rel.srsublsn
can be null.

Perhaps we should mark these two fields BKI_FORCE_NULL, so that
they'd be correctly labeled in databases that are initdb'd in the
future.  But we can't force that for existing databases, and on
balance it's not too clear that having a mix of different catalog
contents in the field would be wise.

Apply to v10 (where this code came in) through v12.  Already
fixed in v13 and HEAD.

Discussion: https://postgr.es/m/732838.1595278439@sss.pgh.pa.us

doc/src/sgml/catalogs.sgml		diff \| blob \| blame \| history
src/backend/catalog/pg_subscription.c		diff \| blob \| blame \| history
src/include/catalog/pg_subscription_rel.h		diff \| blob \| blame \| history