From 713cfaf2a576a9896fdd9b5aad51f6ebeb91a3c7 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Sun, 5 May 2024 11:23:49 -0400
Subject: [PATCH] Silence Coverity complaint about possible null-pointer dereference.

If pg_init_privs were to contain a NULL ACL field, this code would pass old_acl == NULL to merge_acl_with_grant, which would crash. The case shouldn't happen, but it just takes a couple more lines of code to guard against it, so do so. Oversight in 534287403; no back-patch needed.
---
 src/backend/catalog/aclchk.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index e6cc720579..143876b77f 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -4934,14 +4934,17 @@ RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
 /*
 * Generate new ACL. Grantor of rights is always the same as the owner.
 */
- new_acl = merge_acl_with_grant(old_acl,
- false, /* is_grant */
- false, /* grant_option */
- DROP_RESTRICT,
- list_make1_oid(roleid),
- ACLITEM_ALL_PRIV_BITS,
- ownerId,
- ownerId);
+ if (old_acl != NULL)
+ new_acl = merge_acl_with_grant(old_acl,
+ false, /* is_grant */
+ false, /* grant_option */
+ DROP_RESTRICT,
+ list_make1_oid(roleid),
+ ACLITEM_ALL_PRIV_BITS,
+ ownerId,
+ ownerId);
+ else
+ new_acl = NULL; /* this case shouldn't happen, probably */
 
 /* If we end with an empty ACL, delete the pg_init_privs entry. */
 if (new_acl == NULL || ACL_NUM(new_acl) == 0)
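Review bot: The new `else` branch makes a NULL ACL in pg_init_privs indistinguishable from an ACL that became empty after the role was removed, since both reach `if (new_acl == NULL || ACL_NUM(new_acl) == 0)`, which per its comment deletes the entry. The trailing comment only says the case "shouldn't happen, probably", so a reader cannot tell that dropping the row is the intended outcome for unexpected privilege-catalog data. I would state that on the assignment, e.g. `new_acl = NULL; /* NULL initprivs: treat as empty, entry is deleted below */`. If a NULL here would indicate catalog corruption, it may also be worth reporting it (for instance with an `elog(WARNING, ...)`) rather than absorbing it silently. The body of that `if` and the rest of RemoveRoleFromInitPriv lie outside the hunk, so the deletion path itself is not visible here.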