Be more wary about NULL values for GUC string variables.

tglsfdc · tglsfdc · commit 65810fc6d0f6 · 2023-11-02T11:47:33.000-04:00
get_explain_guc_options() crashed if a string GUC marked GUC_EXPLAIN has a NULL boot_val. Nosing around found a couple of other places that seemed insufficiently cautious about NULL string values, although those are likely unreachable in practice. Add some commentary defining the expectations for NULL values of string variables, in hopes of forestalling future additions of more such bugs. Xing Guo, Aleksander Alekseev, Tom Lane Discussion: https://postgr.es/m/CACpMh+AyDx5YUpPaAgzVwC1d8zfOL4JoD-uyFDnNSa1z0EsDQQ@mail.gmail.com
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
@@ -8965,7 +8965,14 @@ get_explain_guc_options(int *num)
 				{
 					struct config_string *lconf = (struct config_string *) conf;
 
-					modified = (strcmp(lconf->boot_val, *(lconf->variable)) != 0);
+					if (lconf->boot_val == NULL &&
+						*lconf->variable == NULL)
+						modified = false;
+					else if (lconf->boot_val == NULL ||
+							 *lconf->variable == NULL)
+						modified = true;
+					else
+						modified = (strcmp(lconf->boot_val, *(lconf->variable)) != 0);
 				}
 				break;
 
@@ -9720,7 +9727,8 @@ write_one_nondefault_variable(FILE *fp, struct config_generic *gconf)
 			{
 				struct config_string *conf = (struct config_string *) gconf;
 
-				fprintf(fp, "%s", *conf->variable);
+				if (*conf->variable)
+					fprintf(fp, "%s", *conf->variable);
 			}
 			break;
 
diff --git a/src/include/utils/guc_tables.h b/src/include/utils/guc_tables.h
@@ -223,6 +223,16 @@ struct config_real
 	void	   *reset_extra;
 };
 
+/*
+ * A note about string GUCs: the boot_val is allowed to be NULL, which leads
+ * to the reset_val and the actual variable value (*variable) also being NULL.
+ * However, there is no way to set a NULL value subsequently using
+ * set_config_option or any other GUC API.  Also, GUC APIs such as SHOW will
+ * display a NULL value as an empty string.  Callers that choose to use a NULL
+ * boot_val should overwrite the setting later in startup, or else be careful
+ * that NULL doesn't have semantics that are visibly different from an empty
+ * string.
+ */
 struct config_string
 {
 	struct config_generic gen;

Original file line number	Diff line number	Diff line change
`@@ -8965,7 +8965,14 @@ get_explain_guc_options(int *num)`
`8965`	`8965`	`{`
`8966`	`8966`	`struct config_string lconf = (struct config_string ) conf;`
`8967`	`8967`
`8968`		`- modified = (strcmp(lconf->boot_val, *(lconf->variable)) != 0);`
	`8968`	`+ if (lconf->boot_val == NULL &&`
	`8969`	`+ *lconf->variable == NULL)`
	`8970`	`+ modified = false;`
	`8971`	`+ else if (lconf->boot_val == NULL \|\|`
	`8972`	`+ *lconf->variable == NULL)`
	`8973`	`+ modified = true;`
	`8974`	`+ else`
	`8975`	`+ modified = (strcmp(lconf->boot_val, *(lconf->variable)) != 0);`
`8969`	`8976`	`}`
`8970`	`8977`	`break;`
`8971`	`8978`
`@@ -9720,7 +9727,8 @@ write_one_nondefault_variable(FILE fp, struct config_generic gconf)`
`9720`	`9727`	`{`
`9721`	`9728`	`struct config_string conf = (struct config_string ) gconf;`
`9722`	`9729`
`9723`		`- fprintf(fp, "%s", *conf->variable);`
	`9730`	`+ if (*conf->variable)`
	`9731`	`+ fprintf(fp, "%s", *conf->variable);`
`9724`	`9732`	`}`
`9725`	`9733`	`break;`
`9726`	`9734`