Possible null pointer dereference? #7592

Open
@lexborisov

Hello, everyone!

There are logical inconsistencies in the TaskConcurrentCancelCheck(...) function in src/backend/distributed/utils/background_jobs.c.

Specifically, line 710 has a check:

if (!task || task->status == BACKGROUND_TASK_STATUS_CANCELLING)

where it is assumed that task can be NULL.
Then, inside this branching (if !task), there is a dereferencing of task in line 722. This may cause dereferencing of a NULL pointer.

But that's half the problem.

Let's take a look at line 708 which is immediately before checking task for NULL.
It turns out that task can be NULL in the taskExecutionContext->task.
Unfortunately, further down the code, task taken from taskExecutionContext->task is actively used without checking for NULL.
For example, in the TaskEnded(...) function which will be called after the TaskConcurrentCancelCheck(...) function.

Based on the above:

  1. Can task be a NULL pointer? Or is it an unnecessary check in the code?
  2. If task can be NULL, we have two different places in the code with potential NULL dereferencing.
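
The check-then-dereference shape reported above, next to a form where the NULL case has its own branch and a later consumer applies the same policy. This is an added example, not code from Citus or from the issue author; `DemoTask`, `DemoContext`, the enums and all three function names are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not the Citus definitions. */
typedef enum { DEMO_RUNNING, DEMO_CANCELLING, DEMO_CANCELLED, DEMO_DONE } DemoStatus;
typedef struct { long taskId; DemoStatus status; } DemoTask;
typedef struct { DemoTask *task; } DemoContext;
typedef enum { CHECK_CONTINUE, CHECK_CANCELLED, CHECK_TASK_GONE } CheckResult;

/* Shape reported in the issue: the condition admits NULL, the body dereferences. */
static long inconsistent_check(DemoContext *ctx)
{
    DemoTask *task = ctx->task;
    if (!task || task->status == DEMO_CANCELLING)
        return task->taskId;        /* NULL dereference when task == NULL */
    return -1;
}

/* Consistent form: the NULL case gets its own branch and its own result. */
static CheckResult consistent_check(DemoContext *ctx)
{
    DemoTask *task = ctx->task;
    if (task == NULL)
        return CHECK_TASK_GONE;
    if (task->status != DEMO_CANCELLING)
        return CHECK_CONTINUE;
    task->status = DEMO_CANCELLED;
    return CHECK_CANCELLED;
}

/* Later consumer of ctx->task (the role TaskEnded plays in the issue). */
static bool finish_task(DemoContext *ctx)
{
    if (ctx->task == NULL)
        return false;               /* same NULL policy as the check above */
    ctx->task->status = DEMO_DONE;
    return true;
}

int main(void)
{
    DemoTask t = { 42, DEMO_CANCELLING };   /* constructed sample task */
    DemoContext live = { &t }, gone = { NULL };
    printf("live: id=%ld\n", inconsistent_check(&live)); /* safe: task is non-NULL */
    printf("live: check=%d\n", consistent_check(&live));
    printf("gone: check=%d finish=%d\n", consistent_check(&gone), finish_task(&gone));
    return 0;
}
```

If the pointer can never be NULL, the alternative is to drop the `!task` test and state the invariant with an assertion, so the check and the dereferences agree either way.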
