From d74ecbc8d85eb7a2aa1d5516c5c38d6ab0cbbd82 Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Fri, 6 Jan 2017 15:27:47 -0500 Subject: [PATCH] Protect against NULL-dereference in pg_dump findTableByOid() is allowed to return NULL and we should therefore be checking for that case. getOwnedSeqs() and dumpSequence() shouldn't ever actually see this happen, but given odd circumstances it might and commit f9e439b1 probably shouldn't have removed that check. Pointed out by Coverity. Initial patch from Michael Paquier. Back-patch to 9.6, where that commit had removed the check. --- src/bin/pg_dump/pg_dump.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 6a53a05129..c1084aaf8d 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -5643,6 +5643,9 @@ getOwnedSeqs(Archive *fout, TableInfo tblinfo[], int numTables) continue; /* not an owned sequence */ owning_tab = findTableByOid(seqinfo->owning_tab); + if (owning_tab == NULL) + exit_horribly(NULL, "failed sanity check, parent table OID %u of sequence OID %u not found\n", + seqinfo->owning_tab, seqinfo->dobj.catId.oid); /* * We need to dump the components that are being dumped for the table @@ -15583,7 +15586,11 @@ dumpSequence(Archive *fout, TableInfo *tbinfo) { TableInfo *owning_tab = findTableByOid(tbinfo->owning_tab); - if (owning_tab && owning_tab->dobj.dump & DUMP_COMPONENT_DEFINITION) + if (owning_tab == NULL) + exit_horribly(NULL, "failed sanity check, parent table OID %u of sequence OID %u not found\n", + tbinfo->owning_tab, tbinfo->dobj.catId.oid); + + if (owning_tab->dobj.dump & DUMP_COMPONENT_DEFINITION) { resetPQExpBuffer(query); appendPQExpBuffer(query, "ALTER SEQUENCE %s",