In [1], Andres reported a -Wuse-after-free bug in the ATExecAttachPartition() function. I've created a patch to address it with pointers from Amit offlist.
The issue was that the partBoundConstraint variable was utilized after the list_concat() function. This could potentially lead to accessing the partBoundConstraint variable after its memory has been freed.

The issue was resolved by using the return value of the list_concat() function, instead of using the list1 argument of list_concat(). I copied the partBoundConstraint variable to a new variable named partConstraint and used it for the previous references before invoking get_proposed_default_constraint(). I confirmed that the eval_const_expressions(), make_ands_explicit(), map_partition_varattnos(), QueuePartitionConstraintValidation() functions do not modify the memory location pointed to by the partBoundConstraint variable. Therefore, it is safe to use it for the next reference in get_proposed_default_constraint().

Attaching the patch. Please review and share the comments if any. Thanks to Andres for spotting the bug and some off-list advice on how to reproduce it.

[1]: https://www.postgresql.org/message-id/flat/202311151802.ngj2la66jwgi%40alvherre.pgsql#4fc5622772ba0244c1ad203f5fc56701

Best Regards,
Nitin Jadhav
Azure Database for PostgreSQL
Microsoft
v1-0001-Address-the-Wuse-after-free-warning-in-ATExecAttachP.patch
Description: Binary data
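
The pattern described in this message, as an added example that is not part of the original mail or the attached patch: a toy realloc-based list in which the first argument of a concat must not be read afterwards, and the value needed later is preserved by concatenating onto a copy. IntList, il_make, il_copy, il_concat and attach_flow_ok are hypothetical names, a simplified stand-in for PostgreSQL's List and not its implementation.

```c
#include <stdlib.h>
#include <string.h>

/* Toy growable int list: a simplified stand-in, NOT PostgreSQL's List. */
typedef struct IntList { int len; int items[]; } IntList;

static IntList *il_make(const int *v, int n)
{
    IntList *l = malloc(sizeof(IntList) + (size_t) n * sizeof(int));
    if (!l) abort();
    l->len = n;
    if (n > 0) memcpy(l->items, v, (size_t) n * sizeof(int));
    return l;
}

static IntList *il_copy(const IntList *l) { return il_make(l->items, l->len); }

/* Appends b to a. realloc() may move or free a's storage, so after the
 * call only the RETURN VALUE is valid; the caller's old `a` is dead. */
static IntList *il_concat(IntList *a, const IntList *b)
{
    size_t n = (size_t) a->len + (size_t) b->len;
    IntList *r = realloc(a, sizeof(IntList) + n * sizeof(int));
    if (!r) abort();
    if (b->len > 0) memcpy(r->items + r->len, b->items, (size_t) b->len * sizeof(int));
    r->len += b->len;
    return r;
}

/* Returns 1 when both the combined list and the untouched original are intact. */
static int attach_flow_ok(void)
{
    int bound_vals[] = {10, 20};      /* constructed sample data */
    int extra_vals[] = {30, 40, 50};
    IntList *bound = il_make(bound_vals, 2);   /* role of partBoundConstraint */
    IntList *extra = il_make(extra_vals, 3);

    /* Flagged shape (not executed): il_concat(bound, extra); ... read bound.
     * Fixed shape: concatenate onto a copy and keep the returned pointer. */
    IntList *combined = il_concat(il_copy(bound), extra);  /* role of partConstraint */

    int ok = combined->len == 5 && combined->items[0] == 10 && combined->items[4] == 50
          && bound->len == 2 && bound->items[1] == 20;     /* bound still safe to read */
    free(combined); free(extra); free(bound);
    return ok;
}

int main(void) { return attach_flow_ok() ? 0 : 1; }
```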