From: Tatsuo Ishii Date: Thu, 12 Dec 2019 07:33:18 +0000 (+0900) Subject: Fix replication delay worker segfault when application_name is an empty string. X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=refs%2Fheads%2FV3_4_STABLE;p=pgpool2.git Fix replication delay worker segfault when application_name is an empty string. The process calls do_query() to obtain the query result against pg_stat_replication_view. If user sets application_name to an empty string, the result data row packet length will be 0. However do_query() did not consider the length == 0 case, which resulted in giving NULL pointer to strcmp() which is called from the worker process. That means the bug is not specific to this case (a new feature added in Pgpool-II 4.1) but it potentially affects many other places where do_query() gets called, although it had not been reported in the field. So this fix should be applied to all supported branches. Per bug 565. --- diff --git a/src/protocol/pool_process_query.c b/src/protocol/pool_process_query.c index 66dbb0aa1..09a2c28af 100644 --- a/src/protocol/pool_process_query.c +++ b/src/protocol/pool_process_query.c @@ -2747,7 +2747,7 @@ void do_query(POOL_CONNECTION *backend, char *query, POOL_SELECT_RESULT **result res->nullflags[num_data] = len; - if (len > 0) /* NOT NULL? */ + if (len >= 0) /* NOT NULL? */ { res->data[num_data] = palloc(len + 1); memcpy(res->data[num_data], p, len); @@ -2770,7 +2770,7 @@ void do_query(POOL_CONNECTION *backend, char *query, POOL_SELECT_RESULT **result res->nullflags[num_data] = len; - if (len > 0) + if (len >= 0) { p = pool_read2(backend, len); res->data[num_data] = palloc(len + 1);
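Review bot: In the first hunk (@@ -2747,7 +2747,7 @@), the `if (len >= 0)` branch now runs `memcpy(res->data[num_data], p, len)` with a zero count, and the visible context ends before any terminator is written. The fix only gives strcmp() a valid empty string if `res->data[num_data][len]` is set to '\0' right after the copy, because `palloc(len + 1)` by itself leaves a one-byte buffer with unspecified content; please confirm that line follows. It would also help to extend the `/* NOT NULL? */` comment to say that a zero length is an empty string and not NULL, since `res->nullflags[num_data] = len` now stores 0 for a non-NULL value and callers reading nullflags need to know which meaning 0 has.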
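Review bot: In the second hunk (@@ -2770,7 +2770,7 @@), `if (len >= 0)` makes `p = pool_read2(backend, len)` reachable with len == 0, a call the old `len > 0` test never made. Please check what pool_read2() returns for a zero-length read and that a NULL or error return is handled before `p` is used. This condition also lacks the `/* NOT NULL? */` comment the first hunk carries, and a regression test that sets application_name to an empty string would be worth adding, given the commit message says other do_query() callers are potentially affected.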