Silence Coverity complaint about possible null-pointer dereference.

If pg_init_privs were to contain a NULL ACL field, this code would pass old_acl == NULL to merge_acl_with_grant, which would crash. The case shouldn't happen, but it just takes a couple more lines of code to guard against it, so do so. Oversight in 534287403; no back-patch needed.
2024-05-05 11:23:49 -04:00 · 2024-05-05 11:23:49 -04:00 · 713cfaf2a5
parent c34d7df6ad
commit 713cfaf2a5
1 changed files with 11 additions and 8 deletions
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@ -4934,14 +4934,17 @@ RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
 	/*
 	 * Generate new ACL.  Grantor of rights is always the same as the owner.
 	 */
-	new_acl = merge_acl_with_grant(old_acl,
-								   false,	/* is_grant */
-								   false,	/* grant_option */
-								   DROP_RESTRICT,
-								   list_make1_oid(roleid),
-								   ACLITEM_ALL_PRIV_BITS,
-								   ownerId,
-								   ownerId);
+	if (old_acl != NULL)
+		new_acl = merge_acl_with_grant(old_acl,
+									   false,	/* is_grant */
+									   false,	/* grant_option */
+									   DROP_RESTRICT,
+									   list_make1_oid(roleid),
+									   ACLITEM_ALL_PRIV_BITS,
+									   ownerId,
+									   ownerId);
+	else
+		new_acl = NULL;			/* this case shouldn't happen, probably */

 	/* If we end with an empty ACL, delete the pg_init_privs entry. */
 	if (new_acl == NULL || ACL_NUM(new_acl) == 0)