From: Nathan Bossart
Date: Thu, 14 May 2026 18:11:49 +0000 (-0500)
Subject: refint: Fix segfault in check_foreign_key().
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=611756948eef3a3a1babc3418fc254077528b679;p=thirdparty%2Fpostgresql.git

refint: Fix segfault in check_foreign_key().

When an UPDATE statement triggers check_foreign_key() with the action
set to "cascade", it generates more UPDATE statements to modify the key
values in referencing relations.  If a new key value is NULL,
SPI_getvalue() returns a NULL pointer, which is subsequently passed to
quote_literal_cstr(), causing a segfault.  To fix, skip quoting when a
new key value is NULL and insert an unquoted NULL keyword instead.

Oversight in commit 260e97733b.  While the refint documentation
recommends marking primary key columns NOT NULL, the aforementioned
scenario accidentally worked on platforms where snprintf() substitutes
"(null)" for NULL pointers.  Note that for character-type columns, the
old code quoted "(null)" as a string literal, so this didn't always
produce correct results.  But it still seems better to fix this than to
reject cases that previously worked.

Reported-by: Nikita Kalinin
Author: Ayush Tiwari
Reviewed-by: Pierre Forstmann
Discussion: https://postgr.es/m/19476-bd04ea6241345303%40postgresql.org
Backpatch-through: 14
---

diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c
index c44c87bcd96..48512a664d2 100644
--- a/contrib/spi/refint.c
+++ b/contrib/spi/refint.c
@@ -487,7 +487,8 @@ check_foreign_key(PG_FUNCTION_ARGS)
 				nv = SPI_getvalue(newtuple, tupdesc, fn);
 				appendStringInfo(&sql,
 								 " %s = %s ",
-								 args2[k], quote_literal_cstr(nv));
+								 args2[k],
+								 nv ? quote_literal_cstr(nv) : "NULL");
 				if (k < nkeys)
 					appendStringInfoString(&sql, ", ");
 			}
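Review bot: the NULL guard on the `+` lines covers only the SET-list call shown in this hunk; since the cascade UPDATE is assembled from every new key value, confirm that no other `quote_literal_cstr()` call fed by `SPI_getvalue()` in check_foreign_key() can still receive a NULL pointer. A short comment on the `+` line (e.g. `/* SPI_getvalue() returns NULL for a NULL datum */`) would document why bypassing quoting is safe here: "NULL" is a fixed keyword rather than user-controlled input, so no unquoted data reaches the generated SQL. A regression test that updates a referenced key to NULL under the cascade action would also pin down the previously platform-dependent "(null)" behaviour the commit message describes.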