From 57bf50de6c444dc5e99ea24fc223ca3f08f8b89d Mon Sep 17 00:00:00 2001 From: Maksim Korotkov Date: Wed, 21 Jan 2026 16:32:21 +0300 Subject: [PATCH] Fix null pointer handling in array iteration Previously, when iterating through an agtype container, the code would access `elem->val` even when `elem` was null. This adds a null check to set the result type to AGTV_NULL when the element is null, preventing a potential segmentation fault. Fixes: 4274f10 ("Added the toStringList() function (#1084)") Found by PostgresPro. Signed-off-by: Maksim Korotkov --- src/backend/utils/adt/agtype.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/src/backend/utils/adt/agtype.c b/src/backend/utils/adt/agtype.c index c552727d8..2526f41f7 100644 --- a/src/backend/utils/adt/agtype.c +++ b/src/backend/utils/adt/agtype.c @@ -7500,19 +7500,12 @@ Datum age_tostringlist(PG_FUNCTION_ARGS) /* TODO: check element's type, it's value, and convert it to string if possible. */ elem = get_ith_agtype_value_from_container(&agt_arg->root, i); string_elem.type = AGTV_STRING; + enum agtype_value_type elem_type = elem ? elem->type : AGTV_NULL; - switch (elem->type) + switch (elem_type) { case AGTV_STRING: - if(!elem) - { - string_elem.type = AGTV_NULL; - - agis_result.res = push_agtype_value(&agis_result.parse_state, - WAGT_ELEM, &string_elem); - } - string_elem.val.string.val = elem->val.string.val; string_elem.val.string.len = elem->val.string.len;