To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (an extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at

If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

Pre New Year Check of PostgreSQL

Pre New Year Check of PostgreSQL

Nov 24 2013

The year is about to end, and I didn't publish reports about checks of open-source projects for a long time. Programmers asked me to check PostgreSQL Database Management System many times, and I've finally decided to do it. Unfortunately, this article isn't going to be large and interesting, as I found just a few typical bugs in the project. So, the report is pretty short this time.


PostgreSQL is a free object-relational database management system. PostgreSQL is based on the SQL language and supports many features of the SQL:2003 (ISO/IEC 9075) standard. To learn more about the project, see the Wikipedia article and the project site.

1. Typos when using the memcmp() function

Datum pg_stat_get_activity(PG_FUNCTION_ARGS)
  if (memcmp(&(beentry->st_clientaddr), &zero_clientaddr,
             sizeof(zero_clientaddr) == 0))

PVS-Studio's diagnostic message: V526 The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. postgres pgstatfuncs.c 712

This line also triggers the V575 warning. I do recommend examining a code line very close if it triggers two or more diagnostic messages. One bug may often refer to different aspects.

Look close at the code and you will notice that one closing parenthesis is in a wrong place. It results in the "sizeof(zero_clientaddr) == 0" expression being passed as the third actual argument of the function.

The same bugs can be found in nearby functions: they must have been cloned throughout the code with the help of copy-paste.

Other similar issues:

  • pgstatfuncs.c 976
  • pgstatfuncs.c 1023

2. An octal number

void RestoreArchive(Archive *AHX)
  AHX->minRemoteVersion = 070100;
  AHX->maxRemoteVersion = 999999;

PVS-Studio's diagnostic message: V536 Be advised that the utilized constant value is represented by an octal form. Oct: 070100, Dec: 28736. pg_dump pg_backup_archiver.c 301

If you examine the code nearby, you'll see that the programmer didn't intend to use an octal number at all. For example:

fout->minRemoteVersion = 70000;

Zero before the number in the first sample must have been added there just to make the code look nicer. But it is this zero that turns the number "070100" into an octal number which equals to 28736.

3. Classics. Making mistakes when working with SOCKET

The SOCKET type is unsigned in the Windows operating system. Many programmers don't know about that or keep forgetting it, making one and the same typical mistake in many projects. The PostgreSQL project is no exception.

typedef SOCKET pgsocket;

static int
ident_inet(hbaPort *port)
  pgsocket  sock_fd;
  sock_fd = socket(ident_serv->ai_family,
  if (sock_fd < 0)

PVS-Studio's diagnostic message: V547 Expression 'sock_fd < 0' is always false. Unsigned type value is never < 0. postgres auth.c 1668

The check (sock_fd < 0) is pointless. An unsigned variable cannot be less than zero. The code handling the situation when the socket cannot be opened will never get control.

A few more bugs of that kind:

  • auth.c 1748
  • auth.c 2567
  • pqcomm.c 395
  • pqcomm.c 633
  • postmaster.c 2168

4. Private data erase failure

There are many typical errors occurring when trying to clear memory containing private data. I guess this bug is even more frequent than the trouble with the SOCKET type.

char *
px_crypt_md5(const char *pw, const char *salt,
             char *passwd, unsigned dstlen)
  unsigned char final[MD5_SIZE];
  /* Don't leave anything around in vm they could use. */
  memset(final, 0, sizeof final);

PVS-Studio's diagnostic message: V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. pgcrypto crypt-md5.c 157

The comment emphasizes that a certain memory area must be cleared. But that won't happen. The compiler will throw away the call of the memset() function. To learn why it happens and how to fix it, see the rule's description.

There are quite many fragments where private data fail to be erased:

  • fortuna.c 294
  • fortuna.c 344
  • fortuna.c 381
  • internal.c 671
  • pgp-encrypt.c 131
  • pgp-encrypt.c 493
  • pgp-encrypt.c 555
  • pgp-decrypt.c 283
  • pgp-decrypt.c 398
  • pgp-decrypt.c 399
  • pgp-decrypt.c 496
  • pgp-decrypt.c 706
  • pgp-decrypt.c 795
  • pgp-pgsql.c 90
  • pgp-pgsql.c 132
  • px-crypt.c 161
  • pgp-pubkey.c 153
  • pgp-pubkey.c 294
  • pgp-pubkey.c 295

Each of these cases is a potential vulnerability! Non-erased data may get unexpectedly saved to the disk or sent by network. See an article on this subject: Overwriting memory - why?

5. Undefined behavior

static char *
inet_cidr_ntop_ipv6(const u_char *src, int bits,
                    char *dst, size_t size)
  m = ~0 << (8 - b);

PVS-Studio's diagnostic message: V610 Undefined behavior. Check the shift operator '<<. The left operand '~0' is negative. postgres inet_cidr_ntop.c 206

One can't shift negative numbers because it causes undefined behavior. See the article "Wade not in unknown waters. Part three" for details.

Other dangerous shifts:

  • network.c 1435
  • signal.c 118
  • signal.c 125
  • varbit.c 1508
  • varbit.c 1588

6. A typo

static void
  new_rel_reltup->relfrozenxid = InvalidTransactionId;
  new_rel_reltup->relfrozenxid = InvalidMultiXactId;

PVS-Studio's diagnostic message: V519 The 'new_rel_reltup->relfrozenxid' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 912, 913. postgres heap.c 913

One variable is assigned two different values. This must be a typo. It is most likely the variable 'new_rel_reltup->relminmxid' that must be assigned a value in the second line.


In case the PostgreSQL project's developers show interest in the PVS-Studio analyzer, we can grant them a free registration key for some time. Please write to us.

And happy New Year!

Popular related articles
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
The Evil within the Comparison Functions

Date: May 19 2017

Author: Andrey Karpov

Perhaps, readers remember my article titled "Last line effect". It describes a pattern I've once noticed: in most cases programmers make an error in the last line of similar text blocks. Now I want t…
How PVS-Studio Proved to Be More Attentive Than Three and a Half Programmers

Date: Oct 22 2018

Author: Andrey Karpov

Just like other static analyzers, PVS-Studio often produces false positives. What you are about to read is a short story where I'll tell you how PVS-Studio proved, just one more time, to be more atte…
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…

Comments (0)

Next comments
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →