Fix possible NULL-pointer-deference in backup_compression.c.

Per Coverity and Tom Lane. Reviewed by Tom Lane and Justin Pryzby.

Discussion: http://postgr.es/m/384291.1648403267@sss.pgh.pa.us

diff --git a/src/common/backup_compression.c b/src/common/backup_compression.c
index 969e08cca2039968154b4ab20090f41abf744e87..867f2f2eb5eb5dc6a7fb30615691dcf0f7f7b13a 100644 (file)
--- a/src/common/backup_compression.c
+++ b/src/common/backup_compression.c
@@ -191,8 +191,16 @@ parse_bc_specification(bc_algorithm algorithm, char *specification,
                if (value != NULL)
                        pfree(value);
 
-               /* If we got an error or have reached the end of the string, stop. */
-               if (result->parse_error != NULL || *kwend == '\0' || *vend == '\0')
+               /*
+                * If we got an error or have reached the end of the string, stop.
+                *
+                * If there is no value, then the end of the keyword might have been
+                * the end of the string. If there is a value, then the end of the
+                * keyword cannot have been the end of the string, but the end of the
+                * value might have been.
+                */
+               if (result->parse_error != NULL ||
+                       (vend == NULL ? *kwend == '\0' : *vend == '\0'))
                        break;
 
                /* Advance to next entry and loop around. */