From 4e46c97fde42fa8ca57d29b9b47f2ebd11ab8105 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 16 Jan 2017 13:53:40 -0500 Subject: [PATCH] Fix NULL pointer dereference in tuplesort.c. Oversight in commit e94568ecc. This could cause a crash when an external datum tuplesort of a pass-by-value type required multiple passes. Per report from Mithun Cy. Peter Geoghegan Discussion: https://postgr.es/m/CAD__OujuhfWFULGFSt1fyHqUb8N-XafjJhudwt88V0Qs2o84qg@mail.gmail.com --- src/backend/utils/sort/tuplesort.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/backend/utils/sort/tuplesort.c b/src/backend/utils/sort/tuplesort.c index cbaf009cdf..e1e692d5f0 100644 --- a/src/backend/utils/sort/tuplesort.c +++ b/src/backend/utils/sort/tuplesort.c @@ -2800,7 +2800,8 @@ mergeonerun(Tuplesortstate *state) WRITETUP(state, destTape, &state->memtuples[0]); /* recycle the slot of the tuple we just wrote out, for the next read */ - RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple); + if (state->memtuples[0].tuple) + RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple); /* * pull next tuple from the tape, and replace the written-out tuple in