From 3779ac62d709467fe6331c8f0285d42e7487a01c Mon Sep 17 00:00:00 2001 
From: Tom Lane Date: Sat, 24 Jul 2021 13:41:17 -0400 Subject: [PATCH] Make printf("%s", NULL) print "(null)" instead of crashing. We previously took a hard-line attitude that callers should never print a null string pointer, and doing so is worthy of an assertion failure or crash. However, we've long since flushed out any easy-to-find bugs of that nature. What remains is a lot of code that perhaps could fail that way in hard-to-reach corner cases. For example, in something as simple as ereport(ERROR, (errcode(ERRCODE_UNDEFINED_OBJECT), errmsg("constraint \"%s\" for table \"%s\" does not exist", conname, get_rel_name(relid)))); one must wonder whether it's completely guaranteed that get_rel_name cannot return NULL in this context. If such a situation did occur, the existing policy converts what might be a pretty minor bug into a server crash condition. This is not good for robustness. Hence, let's follow the lead of glibc and print "(null)" instead of failing. We should, of course, still consider it a bug if that behavior is reachable in ordinary use; but crashing seems less desirable than not crashing. This fix works across-the-board in v12 and up, where we always use src/port/snprintf.c. Before that, on most platforms we're at the mercy of the local libc, but it appears that Solaris 10 is the only supported platform where we'd still get a crash. Most other platforms such as *BSD, macOS, and Solaris 11 have adopted glibc's behavior at some point. (AIX and HPUX just print "" not "(null)", but that's close enough.) I've not checked what Windows' native printf would do, but it doesn't matter because we've long used snprintf.c on that platform. In v12 and up, also const-ify related code so that we're not casting away const on the constant string. This is just neatnik-ism, since next to no compilers will warn about that. 
Discussion: https://postgr.es/m/17098-b960f3616c861f83@postgresql.org
---
 src/port/snprintf.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/port/snprintf.c b/src/port/snprintf.c
index c0a452da0f..7c21429369 100644
--- a/src/port/snprintf.c
+++ b/src/port/snprintf.c
@@ -320,7 +320,7 @@ static bool find_arguments(const char *format, va_list args, PrintfArgValue *argvalues);
 static void fmtstr(const char *value, int leftjust, int minlen, int maxwidth, int pointflag, PrintfTarget *target);
-static void fmtptr(void *value, PrintfTarget *target);
+static void fmtptr(const void *value, PrintfTarget *target);
 static void fmtint(long long value, char type, int forcesign, int leftjust, int minlen, int zpad, int precision, int pointflag, PrintfTarget *target);
@@ -394,7 +394,7 @@ dopr(PrintfTarget *target, const char *format, va_list args)
 int cvalue;
 long long numvalue;
 double fvalue;
- char *strvalue;
+ const char *strvalue;
 PrintfArgValue argvalues[PG_NL_ARGMAX + 1];
 /*
@@ -439,7 +439,8 @@ dopr(PrintfTarget *target, const char *format, va_list args)
 {
 format++;
 strvalue = va_arg(args, char *);
- Assert(strvalue != NULL);
+ if (strvalue == NULL)
+ strvalue = "(null)";
 dostr(strvalue, strlen(strvalue), target);
 if (target->failed)
 break;
@@ -670,8 +671,9 @@ nextch2:
 strvalue = argvalues[fmtpos].cptr;
 else
 strvalue = va_arg(args, char *);
- /* Whine if someone tries to print a NULL string */
- Assert(strvalue != NULL);
+ /* If string is NULL, silently substitute "(null)" */
+ if (strvalue == NULL)
+ strvalue = "(null)";
 fmtstr(strvalue, leftjust, fieldwidth, precision, pointflag, target);
 break;
@@ -681,7 +683,7 @@ nextch2:
 strvalue = argvalues[fmtpos].cptr;
 else
 strvalue = va_arg(args, char *);
- fmtptr((void *) strvalue, target);
+ fmtptr((const void *) strvalue, target);
 break;
 case 'e':
 case 'E':
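Review bot: The fast-path `%s` branch in dopr (hunk at -439) substitutes `"(null)"` with no comment, while the general `case 's'` branch (hunk at -670) documents the same substitution; I would put `/* If string is NULL, silently substitute "(null)" */` above the `if` in the fast path as well so the two sites read alike. Since this formatter presumably also serves callers that build strings used as data rather than as messages, a NULL argument now produces the literal text `(null)` in the result instead of stopping the process, so the comment could add that code formatting identifiers, paths or query text must still check for NULL itself. Assert-enabled builds also lose the early failure the removed `Assert(strvalue != NULL)` gave at both sites; the commit message indicates this is deliberate, but it is worth stating next to the code. dopr's body starts and ends outside both hunks.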
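Review bot: In the `%p` branch (hunk at -681) the explicit cast is no longer needed: `strvalue` is declared `const char *` by this commit and converts implicitly to fmtptr's `const void *` parameter, so the call can be written `fmtptr(strvalue, target);`. Carrying a `%p` argument in the string variable is also easy to misread, and a short comment such as `/* pointer fetched as char *; void * and char * share a representation */` above the `va_arg(args, char *)` line would explain why that is safe. The enclosing switch in dopr continues outside the hunk.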
@@ -995,7 +997,7 @@ fmtstr(const char *value, int leftjust, int minlen, int maxwidth,
 }
 static void
-fmtptr(void *value, PrintfTarget *target)
+fmtptr(const void *value, PrintfTarget *target)
 {
 int vallen;
 char convert[64];