Silence Coverity complaint about possible null-pointer dereference.

If pg_init_privs were to contain a NULL ACL field, this code would pass old_acl == NULL to merge_acl_with_grant, which would crash. The case shouldn't happen, but it just takes a couple more lines of code to guard against it, so do so. Oversight in 534287403; no back-patch needed.
author: Tom Lane 2024-05-05 15:23:49 +0000
committer: Tom Lane 2024-05-05 15:23:49 +0000
commit: 713cfaf2a576a9896fdd9b5aad51f6ebeb91a3c7 (patch)
tree: 423d4297f3db6ce37192ef38a40d5e4c074b8616 /src
parent: c34d7df6ad5394c790941a8a4f1a1c71573b47f9 (diff)
1 files changed, 11 insertions, 8 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index e6cc720579c..143876b77ff 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -4934,14 +4934,17 @@ RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
 	/*
 	 * Generate new ACL.  Grantor of rights is always the same as the owner.
 	 */
-	new_acl = merge_acl_with_grant(old_acl,
-								   false,	/* is_grant */
-								   false,	/* grant_option */
-								   DROP_RESTRICT,
-								   list_make1_oid(roleid),
-								   ACLITEM_ALL_PRIV_BITS,
-								   ownerId,
-								   ownerId);
+	if (old_acl != NULL)
+		new_acl = merge_acl_with_grant(old_acl,
+									   false,	/* is_grant */
+									   false,	/* grant_option */
+									   DROP_RESTRICT,
+									   list_make1_oid(roleid),
+									   ACLITEM_ALL_PRIV_BITS,
+									   ownerId,
+									   ownerId);
+	else
+		new_acl = NULL;			/* this case shouldn't happen, probably */
 
 	/* If we end with an empty ACL, delete the pg_init_privs entry. */
 	if (new_acl == NULL || ACL_NUM(new_acl) == 0)
author	Tom Lane	2024-05-05 15:23:49 +0000
committer	Tom Lane	2024-05-05 15:23:49 +0000
commit	713cfaf2a576a9896fdd9b5aad51f6ebeb91a3c7 (patch)
tree	423d4297f3db6ce37192ef38a40d5e4c074b8616 /src
parent	c34d7df6ad5394c790941a8a4f1a1c71573b47f9 (diff)