From c693c5c4904d9afdd97cbe414248583d57b59ce4 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 25 Aug 2019 15:04:04 -0400 Subject: [PATCH] Avoid platform-specific null pointer dereference in psql. POSIX permits getopt() to advance optind beyond argc when the last argv entry is an option that requires an argument and hasn't got one. It seems that no major platforms actually do that, but musl does, so that something like "psql -f" would crash with that libc. Add a check that optind is in range before trying to look at the possibly-bogus option. Report and fix by Quentin Rameau. Back-patch to all supported branches. Discussion: https://postgr.es/m/20190825100617.GA6087@fifth.space --- src/bin/psql/startup.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/bin/psql/startup.c b/src/bin/psql/startup.c index 210be63f67c..4a4ce82e595 100644 --- a/src/bin/psql/startup.c +++ b/src/bin/psql/startup.c @@ -552,15 +552,17 @@ parse_psql_options(int argc, char *argv[], struct adhoc_opts * options) options->single_txn = true; break; case '?': - /* Actual help option given */ - if (strcmp(argv[optind - 1], "--help") == 0 || strcmp(argv[optind - 1], "-?") == 0) + if (optind <= argc && + (strcmp(argv[optind - 1], "--help") == 0 || + strcmp(argv[optind - 1], "-?") == 0)) { + /* actual help option given */ usage(); exit(EXIT_SUCCESS); } - /* unknown option reported by getopt */ else { + /* getopt error (unknown option or missing argument) */ fprintf(stderr, _("Try \"%s --help\" for more information.\n"), pset.progname); exit(EXIT_FAILURE);