From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 16 Jan 2017 18:53:40 +0000 (-0500)
Subject: Fix NULL pointer dereference in tuplesort.c.
X-Git-Tag: REL_10_BETA1~1108
X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=4e46c97fde42fa8ca57d29b9b47f2ebd11ab8105;p=postgresql.git

Fix NULL pointer dereference in tuplesort.c.

Oversight in commit e94568ecc.  This could cause a crash when an external
datum tuplesort of a pass-by-value type required multiple passes.
Per report from Mithun Cy.

Peter Geoghegan

Discussion: https://postgr.es/m/CAD__OujuhfWFULGFSt1fyHqUb8N-XafjJhudwt88V0Qs2o84qg@mail.gmail.com
---

diff --git a/src/backend/utils/sort/tuplesort.c b/src/backend/utils/sort/tuplesort.c
index cbaf009cdfc..e1e692d5f0f 100644
--- a/src/backend/utils/sort/tuplesort.c
+++ b/src/backend/utils/sort/tuplesort.c
@@ -2800,7 +2800,8 @@ mergeonerun(Tuplesortstate *state)
 		WRITETUP(state, destTape, &state->memtuples[0]);
 
 		/* recycle the slot of the tuple we just wrote out, for the next read */
-		RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple);
+		if (state->memtuples[0].tuple)
+			RELEASE_SLAB_SLOT(state, state->memtuples[0].tuple);
 
 		/*
 		 * pull next tuple from the tape, and replace the written-out tuple in