Fix miscalculation of itemsafter in array_set_slice(). If the slice to be assigned to was before the existing array lower bound (requiring at least one null element to spring into existence to fill the gap), the code miscalculated how many entries needed to be copied from the old array's null bitmap. This could result in trashing the array's data area (as seen in bug #5840 from Karsten Loesing), or worse.
This has been broken since we first allowed the behavior of assigning to non-adjacent slices, in 8.2. Back-patch to all affected versions. Branch ------ REL9_0_STABLE Details ------- http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=d8b0495f9637636b8a89e3b98208beb0a2d64fd0 Modified Files -------------- src/backend/utils/adt/arrayfuncs.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
