Dereference of null in alloc_query_params

[sminux]

Hi there!
Static analyzer shows this warning:
After having been compared to a NULL value at

ruby-pg/ext/pg_connection.c

Line 1277 in 764f6d5

if( conv ){

pointer 'conv' is dereferenced at

ruby-pg/ext/pg_connection.c

Line 1301 in 764f6d5

t_pg_coder_enc_func enc_func = pg_coder_enc_func( conv );

I can see the check of param_value before: if( NIL_P(param_value) ). It's somehow connected with 'conv'.
But It seems to be true positive. Should we check the 'conv' for null one more time?

[larskanis]

The memory management in alloc_query_params() is a bit complicated. I wrote it 10 years ago and since then there was no single change in this function.

The validity of conv is obviously too complicated for a static analyzer. It works like so:
If conv is NULL, then pg_coder_enc_func() assigns pg_coder_enc_to_s() to enc_func:

ruby-pg/ext/pg_coder.c

Lines 504 to 514 in 64fe4c1

	pg_coder_enc_func(t_pg_coder *this)
	{
	if( this ){
	if( this->enc_func ){
	return this->enc_func;
	}else{
	return pg_text_enc_in_ruby;
	}
	}else{
	/* no element encoder defined -> use std to_str conversion */
	return pg_coder_enc_to_s;

Then the function pointer enc_func is called with a NULL pointer as this (and that's probably what the static analyzer is complaining about):

ruby-pg/ext/pg_connection.c

Lines 1301 to 1305 in 64fe4c1

	t_pg_coder_enc_func enc_func = pg_coder_enc_func( conv );
	VALUE intermediate;
	/* 1st pass for retiving the required memory space */
	int len = enc_func(conv, param_value, NULL, &intermediate, paramsData->enc_idx);

So, if conv is NULL it is always the function pg_coder_enc_to_s() that is called; never any other encoder. I added a comment in 64fe4c1 to warn about this exception in pg_coder_enc_to_s(). All other encoders can dereference the this pointer without NULL verification.