Fix possible NULL pointer dereference in GetNamedDSMSegment().

GetNamedDSMSegment() doesn't check whether dsm_attach() returns NULL, which creates the possibility of a NULL pointer dereference soon after. To fix, emit an ERROR if dsm_attach() returns NULL. This shouldn't happen, but it would be nice to avoid a segfault if it does. In passing, tidy up the surrounding code. Reported-by: Tom Lane Reviewed-by: Michael Paquier, Bharath Rupireddy Discussion: https://postgr.es/m/3348869.1705854106%40sss.pgh.pa.us
2024-01-22 20:44:38 -06:00 · 2024-01-22 20:44:38 -06:00 · 4372adfa24
commit 4372adfa24
parent cdd863480c
1 changed files with 13 additions and 10 deletions
--- a/src/backend/storage/ipc/dsm_registry.c
+++ b/src/backend/storage/ipc/dsm_registry.c
@ -177,18 +177,21 @@ GetNamedDSMSegment(const char *name, size_t size,
 				(errmsg("requested DSM segment size does not match size of "
 						"existing segment")));
 	}
-	else if (!dsm_find_mapping(entry->handle))
-	{
-		/* Attach to existing segment. */
-		dsm_segment *seg = dsm_attach(entry->handle);
-
-		dsm_pin_mapping(seg);
-		ret = dsm_segment_address(seg);
-	}
 	else
 	{
-		/* Return address of an already-attached segment. */
-		ret = dsm_segment_address(dsm_find_mapping(entry->handle));
+		dsm_segment *seg = dsm_find_mapping(entry->handle);
+
+		/* If the existing segment is not already attached, attach it now. */
+		if (seg == NULL)
+		{
+			seg = dsm_attach(entry->handle);
+			if (seg == NULL)
+				elog(ERROR, "could not map dynamic shared memory segment");
+
+			dsm_pin_mapping(seg);
+		}
+
+		ret = dsm_segment_address(seg);
 	}

 	dshash_release_lock(dsm_registry_table, entry);