From 4372adfa24f2f5ddc587317d634b5389bd764106 Mon Sep 17 00:00:00 2001
From: Nathan Bossart
Date: Mon, 22 Jan 2024 20:44:38 -0600
Subject: [PATCH] Fix possible NULL pointer dereference in GetNamedDSMSegment().

GetNamedDSMSegment() doesn't check whether dsm_attach() returns NULL, which creates the possibility of a NULL pointer dereference soon after. To fix, emit an ERROR if dsm_attach() returns NULL. This shouldn't happen, but it would be nice to avoid a segfault if it does. In passing, tidy up the surrounding code.
Reported-by: Tom Lane
Reviewed-by: Michael Paquier, Bharath Rupireddy
Discussion: https://postgr.es/m/3348869.1705854106%40sss.pgh.pa.us
---
 src/backend/storage/ipc/dsm_registry.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/backend/storage/ipc/dsm_registry.c b/src/backend/storage/ipc/dsm_registry.c
index ac11f51375e..c1781736532 100644
--- a/src/backend/storage/ipc/dsm_registry.c
+++ b/src/backend/storage/ipc/dsm_registry.c
@@ -177,18 +177,21 @@ GetNamedDSMSegment(const char *name, size_t size,
 (errmsg("requested DSM segment size does not match size of "
 "existing segment")));
 }
- else if (!dsm_find_mapping(entry->handle))
- {
- /* Attach to existing segment. */
- dsm_segment *seg = dsm_attach(entry->handle);
-
- dsm_pin_mapping(seg);
- ret = dsm_segment_address(seg);
- }
 else
 {
- /* Return address of an already-attached segment. */
- ret = dsm_segment_address(dsm_find_mapping(entry->handle));
+ dsm_segment *seg = dsm_find_mapping(entry->handle);
+
+ /* If the existing segment is not already attached, attach it now. */
+ if (seg == NULL)
+ {
+ seg = dsm_attach(entry->handle);
+ if (seg == NULL)
+ elog(ERROR, "could not map dynamic shared memory segment");
+
+ dsm_pin_mapping(seg);
+ }
+
+ ret = dsm_segment_address(seg);
 }
 
 dshash_release_lock(dsm_registry_table, entry);
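Review bot: The new `elog(ERROR, ...)` after `dsm_attach()` names neither the segment nor its handle, so a failure cannot be tied to a registry entry from the log alone. Since `name` is a parameter of GetNamedDSMSegment(), `elog(ERROR, "could not map dynamic shared memory segment \"%s\"", name);` would make it diagnosable. The error is also raised before the `dshash_release_lock(dsm_registry_table, entry)` on the hunk's last line, so the entry lock is presumably left for error cleanup to release. If that holds, a short comment such as `/* ERROR exits with the registry entry lock still held; error cleanup releases it */` would make the reliance explicit. The function body starts and ends outside this hunk, so the lock acquisition itself is not visible here.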