Fix various instances of undefined behavior

Mostly this involves checking for NULL pointer before doing operations
that add a non-zero offset.

The exception is an overflow warning in heap_fetch_toast_slice(). This
was caused by unneeded parentheses forcing an expression to be
evaluated to a negative integer, which then got cast to size_t.

Per clang 21 undefined behavior sanitizer.

Backpatch to all supported versions.

Co-authored-by: Alexander Lakhin <exclusion@gmail.com>
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/777bd201-6e3a-4da0-a922-4ea9de46a3ee@gmail.com
Backpatch-through: 14

diff --git a/contrib/pg_trgm/trgm_gist.c b/contrib/pg_trgm/trgm_gist.c
index 6f28db7d1edb19a1b487ab559723b105b28aea70..711413df491b039724ed8485cdfa6cc81853f7d5 100644 (file)
--- a/contrib/pg_trgm/trgm_gist.c
+++ b/contrib/pg_trgm/trgm_gist.c
@@ -692,10 +692,13 @@ gtrgm_penalty(PG_FUNCTION_ARGS)
        if (ISARRKEY(newval))
        {
                char       *cache = (char *) fcinfo->flinfo->fn_extra;
-               TRGM       *cachedVal = (TRGM *) (cache + MAXALIGN(siglen));
+               TRGM       *cachedVal = NULL;
                Size            newvalsize = VARSIZE(newval);
                BITVECP         sign;
 
+               if (cache != NULL)
+                       cachedVal = (TRGM *) (cache + MAXALIGN(siglen));
+
                /*
                 * Cache the sign data across multiple calls with the same newval.
                 */

diff --git a/src/backend/access/heap/heaptoast.c b/src/backend/access/heap/heaptoast.c
index 55bbe1d584760a849960871296dfbdd7447b2b67..5f9ac79c148a79a8d557408ea23e3ad44e52ba93 100644 (file)
--- a/src/backend/access/heap/heaptoast.c
+++ b/src/backend/access/heap/heaptoast.c
@@ -770,7 +770,7 @@ heap_fetch_toast_slice(Relation toastrel, Oid valueid, int32 attrsize,
                        chcpyend = (sliceoffset + slicelength - 1) % TOAST_MAX_CHUNK_SIZE;
 
                memcpy(VARDATA(result) +
-                          (curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset) + chcpystrt,
+                          curchunk * TOAST_MAX_CHUNK_SIZE - sliceoffset + chcpystrt,
                           chunkdata + chcpystrt,
                           (chcpyend - chcpystrt) + 1);
 

diff --git a/src/backend/utils/adt/multirangetypes.c b/src/backend/utils/adt/multirangetypes.c
index 51b0ec95ab4f547c3ca7398dd17f477b23004848..64d25fbfe664b73764081e4e5bcc7684010fd09f 100644 (file)
--- a/src/backend/utils/adt/multirangetypes.c
+++ b/src/backend/utils/adt/multirangetypes.c
@@ -477,8 +477,9 @@ multirange_canonicalize(TypeCacheEntry *rangetyp, int32 input_range_count,
        int32           output_range_count = 0;
 
        /* Sort the ranges so we can find the ones that overlap/meet. */
-       qsort_arg(ranges, input_range_count, sizeof(RangeType *), range_compare,
-                         rangetyp);
+       if (ranges != NULL)
+               qsort_arg(ranges, input_range_count, sizeof(RangeType *),
+                                 range_compare, rangetyp);
 
        /* Now merge where possible: */
        for (i = 0; i < input_range_count; i++)

diff --git a/src/backend/utils/sort/sharedtuplestore.c b/src/backend/utils/sort/sharedtuplestore.c
index fd29ce9609e98533f4330f955d1fcb83aab65338..fd246a60b6bce8e4aa475a4ad79e277cde197550 100644 (file)
--- a/src/backend/utils/sort/sharedtuplestore.c
+++ b/src/backend/utils/sort/sharedtuplestore.c
@@ -320,7 +320,8 @@ sts_puttuple(SharedTuplestoreAccessor *accessor, void *meta_data,
 
        /* Do we have space? */
        size = accessor->sts->meta_data_size + tuple->t_len;
-       if (accessor->write_pointer + size > accessor->write_end)
+       if (accessor->write_pointer == NULL ||
+               accessor->write_pointer + size > accessor->write_end)
        {
                if (accessor->write_chunk == NULL)
                {