Fix various instances of undefined behavior
authorJohn Naylor <john.naylor@postgresql.org>
Wed, 4 Feb 2026 10:55:49 +0000 (17:55 +0700)
committerJohn Naylor <john.naylor@postgresql.org>
Wed, 4 Feb 2026 10:59:18 +0000 (17:59 +0700)
Mostly this involves checking for NULL pointer before doing operations
that add a non-zero offset.

The exception is an overflow warning in heap_fetch_toast_slice(). This
was caused by unneeded parentheses forcing an expression to be
evaluated to a negative integer, which then got cast to size_t.

Per clang 21 undefined behavior sanitizer.

Backpatch to all supported versions.

Co-authored-by: Alexander Lakhin <exclusion@gmail.com>
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/777bd201-6e3a-4da0-a922-4ea9de46a3ee@gmail.com
Backpatch-through: 14

contrib/pg_trgm/trgm_gist.c
src/backend/access/heap/heaptoast.c
src/backend/utils/adt/multirangetypes.c
src/backend/utils/sort/sharedtuplestore.c

index 5ba895217b0a914adc9ae2162f6bf8dac3189a4e..43afd11fa674326c23b62d058c8aea0aa6ebfc68 100644 (file)
@@ -699,10 +699,13 @@ gtrgm_penalty(PG_FUNCTION_ARGS)
        if (ISARRKEY(newval))
        {
                char       *cache = (char *) fcinfo->flinfo->fn_extra;
-               TRGM       *cachedVal = (TRGM *) (cache + MAXALIGN(siglen));
+               TRGM       *cachedVal = NULL;
                Size            newvalsize = VARSIZE(newval);
                BITVECP         sign;
 
+               if (cache != NULL)
+                       cachedVal = (TRGM *) (cache + MAXALIGN(siglen));
+
                /*
                 * Cache the sign data across multiple calls with the same newval.
                 */
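Review bot: Nothing in this hunk records that `cachedVal` is now NULL whenever `fn_extra` has not been populated, so every later read of it has to be guarded by a check on `cache`. The uses of `cachedVal` are outside the hunk, so I cannot confirm they are all guarded; presumably they test `cache == NULL` first. I would add a comment above the new `if`, for example `/* cachedVal stays NULL until the cache exists; test cache before dereferencing it */`. The enclosing block of gtrgm_penalty continues past the end of the hunk.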
index cb1e57030f64c4d330146b923fcc6775f961bbab..c6022ff139c19f3a3b3e6ff0ccd7c0b46d656f0a 100644 (file)
@@ -768,7 +768,7 @@ heap_fetch_toast_slice(Relation toastrel, Oid valueid, int32 attrsize,
                        chcpyend = (sliceoffset + slicelength - 1) % TOAST_MAX_CHUNK_SIZE;
 
                memcpy(VARDATA(result) +
-                          (curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset) + chcpystrt,
+                          curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset + chcpystrt,
                           chunkdata + chcpystrt,
                           (chcpyend - chcpystrt) + 1);
 
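Review bot: The new destination argument of the `memcpy` call is evaluated left to right as pointer arithmetic, so the intermediate `VARDATA(result) + curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset` can still point outside the result buffer before `chcpystrt` is added back. The C standard treats that as undefined even when the sanitizer stays quiet. Computing the whole offset as one integer avoids it: `VARDATA(result) + (curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset + chcpystrt),`. That sum appears to be non-negative for every chunk if `chcpystrt` is the start offset within the chunk, but its assignment is outside the hunk and should be checked. A one-line comment saying why the grouping matters would keep the expression from being regrouped again.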
index cd84ced5b487cd8af23d2ba1772dfc7167b36115..943961fe0ecd98b62ef517cd2252db97e11140e5 100644 (file)
@@ -483,8 +483,9 @@ multirange_canonicalize(TypeCacheEntry *rangetyp, int32 input_range_count,
        int32           output_range_count = 0;
 
        /* Sort the ranges so we can find the ones that overlap/meet. */
-       qsort_arg(ranges, input_range_count, sizeof(RangeType *), range_compare,
-                         rangetyp);
+       if (ranges != NULL)
+               qsort_arg(ranges, input_range_count, sizeof(RangeType *),
+                                 range_compare, rangetyp);
 
        /* Now merge where possible: */
        for (i = 0; i < input_range_count; i++)
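Review bot: The new `ranges != NULL` test only skips the sort; the loop that follows still runs up to `input_range_count`, so the code silently relies on a NULL `ranges` implying a zero count. Making that invariant explicit would catch a caller that passes NULL with a positive count: `Assert(ranges != NULL || input_range_count == 0);` placed before the `if`. The loop body is outside the hunk, so whether it indexes `ranges` directly is inferred rather than visible.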
index 2f031c329094ad62a349c1bf3f2b7241326150e4..7a5569860689cd52ed7fac7d778baf47dcb42e3c 100644 (file)
@@ -324,7 +324,8 @@ sts_puttuple(SharedTuplestoreAccessor *accessor, void *meta_data,
 
        /* Do we have space? */
        size = accessor->sts->meta_data_size + tuple->t_len;
-       if (accessor->write_pointer + size > accessor->write_end)
+       if (accessor->write_pointer == NULL ||
+               accessor->write_pointer + size > accessor->write_end)
        {
                if (accessor->write_chunk == NULL)
                {
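Review bot: The second operand of the new condition, `accessor->write_pointer + size > accessor->write_end`, still forms a pointer beyond `write_end` whenever the tuple does not fit. If `write_end` marks the end of the chunk buffer, that arithmetic is undefined in the same way the NULL case was. Comparing sizes instead of pointers avoids it: `size > (size_t) (accessor->write_end - accessor->write_pointer)`, keeping the `accessor->write_pointer == NULL ||` test in front. This assumes `size` is an unsigned size type and that both pointers refer to the same buffer, neither of which the hunk shows. The body of sts_puttuple continues outside the hunk.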