From 8e053dc6dfbee4ae412e98ad73cfd4662d7453ac Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Wed, 30 Mar 2022 15:53:08 -0400 Subject: [PATCH] Fix possible NULL-pointer-deference in backup_compression.c. Per Coverity and Tom Lane. Reviewed by Tom Lane and Justin Pryzby. Discussion: http://postgr.es/m/384291.1648403267@sss.pgh.pa.us --- src/common/backup_compression.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/common/backup_compression.c b/src/common/backup_compression.c index 969e08cca2..867f2f2eb5 100644 --- a/src/common/backup_compression.c +++ b/src/common/backup_compression.c @@ -191,8 +191,16 @@ parse_bc_specification(bc_algorithm algorithm, char *specification, if (value != NULL) pfree(value); - /* If we got an error or have reached the end of the string, stop. */ - if (result->parse_error != NULL || *kwend == '\0' || *vend == '\0') + /* + * If we got an error or have reached the end of the string, stop. + * + * If there is no value, then the end of the keyword might have been + * the end of the string. If there is a value, then the end of the + * keyword cannot have been the end of the string, but the end of the + * value might have been. + */ + if (result->parse_error != NULL || + (vend == NULL ? *kwend == '\0' : *vend == '\0')) break; /* Advance to next entry and loop around. */