
Possible null pointer dereference?

Open lexborisov opened this issue 9 months ago • 0 comments

Hello, everyone!

There are logical inconsistencies in the TaskConcurrentCancelCheck(...) function in src/backend/distributed/utils/background_jobs.c.

Specifically, line 710 has a check:

if (!task || task->status == BACKGROUND_TASK_STATUS_CANCELLING)

where it is assumed that task can be NULL. Then, inside this branch (if !task), there is a dereference of task in line 722. This may dereference a NULL pointer.

But that's half the problem.

Let's take a look at line 708, which is immediately before the check of task for NULL. It turns out that task can be NULL in taskExecutionContext->task. Unfortunately, further down the code, the task taken from taskExecutionContext->task is actively used without checking for NULL. For example, in the TaskEnded(...) function, which will be called after the TaskConcurrentCancelCheck(...) function.

Based on the above:

  1. Can task be a NULL pointer? Or is it an unnecessary check in the code?
  2. If task can be NULL, we have two different places in the code with potential NULL dereferences.

lexborisov, May 03 '24 13:05
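The control-flow shape the issue describes, as an added C illustration that is not Citus code: the Task struct, the status names and both function names are constructed stand-ins. The first function keeps the reported pattern (a condition that admits a NULL task followed by an unconditional dereference); the second resolves the NULL case before touching the pointer and reports it to the caller so that later code such as a TaskEnded-style follow-up cannot consume a NULL task unknowingly.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for the background task record; not Citus's struct. */
typedef enum
{
	TASK_STATUS_RUNNING,
	TASK_STATUS_CANCELLING,
	TASK_STATUS_CANCELLED
} TaskStatus;

typedef struct
{
	TaskStatus status;
} Task;

/*
 * Reported pattern: the condition treats a NULL task as "cancel", but the
 * body then dereferences task unconditionally. Calling this with NULL is
 * undefined behaviour; the check does not protect the body it guards.
 */
bool
CancelCheckUnsafe(Task *task)
{
	if (!task || task->status == TASK_STATUS_CANCELLING)
	{
		task->status = TASK_STATUS_CANCELLED;   /* NULL dereference when task == NULL */
		return true;
	}
	return false;
}

/*
 * Hardened form: decide what a missing task means and return before any
 * dereference. The out-parameter tells the caller the task was absent so
 * downstream code does not silently keep using a NULL pointer.
 */
bool
CancelCheckSafe(Task *task, bool *taskMissing)
{
	*taskMissing = (task == NULL);
	if (!task)
	{
		return false;   /* nothing to cancel; caller must handle the missing task */
	}
	if (task->status == TASK_STATUS_CANCELLING)
	{
		task->status = TASK_STATUS_CANCELLED;
		return true;
	}
	return false;
}
```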