On Mon, Jul 8, 2024 at 3:22 PM Nitin Jadhav <nitinjadhavpostg...@gmail.com> wrote:
>
> In [1], Andres reported a -Wuse-after-free bug in the
> ATExecAttachPartition() function. I've created a patch to address it
> with pointers from Amit offlist.
>
> The issue was that the partBoundConstraint variable was utilized after
> the list_concat() function. This could potentially lead to accessing
> the partBoundConstraint variable after its memory has been freed.
>
> The issue was resolved by using the return value of the list_concat()
> function, instead of using the list1 argument of list_concat(). I
> copied the partBoundConstraint variable to a new variable named
> partConstraint and used it for the previous references before invoking
> get_proposed_default_constraint(). I confirmed that the
> eval_const_expressions(), make_ands_explicit(),
> map_partition_varattnos(), QueuePartitionConstraintValidation()
> functions do not modify the memory location pointed to by the
> partBoundConstraint variable. Therefore, it is safe to use it for the
> next reference in get_proposed_default_constraint().
>
> Attaching the patch. Please review and share comments, if any.
> Thanks to Andres for spotting the bug and some off-list advice on how
> to reproduce it.

The patch LGTM. Curious how to reproduce the bug ;)

>
> [1]:
> https://www.postgresql.org/message-id/flat/202311151802.ngj2la66jwgi%40alvherre.pgsql#4fc5622772ba0244c1ad203f5fc56701
>
> Best Regards,
> Nitin Jadhav
> Azure Database for PostgreSQL
> Microsoft

--
Regards
Junwang Zhao
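The bug pattern under discussion (keeping the argument pointer alive after a concat that may replace the list header, instead of using the return value) in a self-contained illustration. This is added example code, not PostgreSQL's List or list_concat(): the List struct, list_make() and the reallocation policy are a simplified stand-in, and the constraint lists are constructed sample data.

```c
/* Simplified stand-in for a growable list whose concat may replace the
 * header. Illustrative only; not PostgreSQL's real List implementation. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct List { int length, capacity; int *elems; } List;

List *list_make(const int *vals, int n)
{
    List *l = malloc(sizeof(List));
    l->length = n;
    l->capacity = n;
    l->elems = malloc(n * sizeof(int));
    memcpy(l->elems, vals, n * sizeof(int));
    return l;
}

/* Append list2 to list1. If there is no room, the original list1 header is
 * freed and a fresh one is returned: callers must use the return value. */
List *list_concat(List *list1, const List *list2)
{
    if (list1->length + list2->length > list1->capacity) {
        List *grown = list_make(list1->elems, list1->length);
        grown->capacity = list1->capacity * 2 + list2->length;
        grown->elems = realloc(grown->elems, grown->capacity * sizeof(int));
        free(list1->elems);
        free(list1);                /* old header is dead from here on */
        list1 = grown;
    }
    memcpy(list1->elems + list1->length, list2->elems,
           list2->length * sizeof(int));
    list1->length += list2->length;
    return list1;
}

/* Mirrors the fix: keep the concat result in partConstraint and reference
 * only that afterwards. Reading partBoundConstraint->length after the call
 * would be the use-after-free the warning flagged. */
int sum_combined_constraint(List *partBoundConstraint, const List *extra,
                            bool *header_moved)
{
    uintptr_t before = (uintptr_t) partBoundConstraint;
    List *partConstraint = list_concat(partBoundConstraint, extra);
    *header_moved = ((uintptr_t) partConstraint != before);
    int sum = 0;
    for (int i = 0; i < partConstraint->length; i++)
        sum += partConstraint->elems[i];
    free(partConstraint->elems);
    free(partConstraint);
    return sum;
}
```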