Avoid platform-specific null pointer dereference in psql.

tglsfdc · tglsfdc · commit fb55e95396ca · 2019-08-25T15:04:04.000-04:00
POSIX permits getopt() to advance optind beyond argc when the last argv entry is an option that requires an argument and hasn't got one. It seems that no major platforms actually do that, but musl does, so that something like "psql -f" would crash with that libc. Add a check that optind is in range before trying to look at the possibly-bogus option. Report and fix by Quentin Rameau. Back-patch to all supported branches. Discussion: https://postgr.es/m/20190825100617.GA6087@fifth.space
diff --git a/src/bin/psql/startup.c b/src/bin/psql/startup.c
@@ -619,15 +619,18 @@ parse_psql_options(int argc, char *argv[], struct adhoc_opts *options)
 				options->single_txn = true;
 				break;
 			case '?':
-				/* Actual help option given */
-				if (strcmp(argv[optind - 1], "-?") == 0)
+				if (optind <= argc &&
+					strcmp(argv[optind - 1], "-?") == 0)
 				{
+					/* actual help option given */
 					usage(NOPAGER);
 					exit(EXIT_SUCCESS);
 				}
-				/* unknown option reported by getopt */
 				else
+				{
+					/* getopt error (unknown option or missing argument) */
 					goto unknown_option;
+				}
 				break;
 			case 1:
 				{
