Thread

  1. Address the -Wuse-after-free warning in ATExecAttachPartition()

    Nitin Jadhav <nitinjadhavpostgres@gmail.com> — 2024-07-08T07:21:16Z

    In [1], Andres reported a -Wuse-after-free bug in the
    ATExecAttachPartition() function.  I've created a patch to address it
    with pointers from Amit offlist.
    
    The issue was that the partBoundConstraint variable was utilized after
    the list_concat() function. This could potentially lead to accessing
    the partBoundConstraint variable after its memory has been freed.
    
    The issue was resolved by using the return value of the list_concat()
    function, instead of using the list1 argument of list_concat(). I
    copied the partBoundConstraint variable to a new variable named
    partConstraint and used it for the previous references before invoking
    get_proposed_default_constraint(). I confirmed that the
    eval_const_expressions(), make_ands_explicit(),
    map_partition_varattnos(), QueuePartitionConstraintValidation()
    functions do not modify the memory location pointed to by the
    partBoundConstraint variable. Therefore, it is safe to use it for the
    next reference in get_proposed_default_constraint().
    
    Attaching the patch. Please review and share your comments, if any.
    Thanks to Andres for spotting the bug and some off-list advice on how
    to reproduce it.
    
    [1]: https://www.postgresql.org/message-id/flat/202311151802.ngj2la66jwgi%40alvherre.pgsql#4fc5622772ba0244c1ad203f5fc56701
    
    Best Regards,
    Nitin Jadhav
    Azure Database for PostgreSQL
    Microsoft
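
The hazard discussed in the message above, as an added example that is not part of the thread or of the PostgreSQL patch: a concat function that may move or free its first argument, and a caller that still needs the original list afterwards. `IntList`, `il_make`, `il_concat` and `attach_demo` are hypothetical names for a simplified model, not PostgreSQL's `List` implementation, and the values are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Toy list (NOT PostgreSQL's List): header and items share one allocation. */
typedef struct IntList { size_t len; int items[]; } IntList;

static IntList *il_make(const int *v, size_t n)
{
    IntList *l = malloc(sizeof *l + n * sizeof(int));
    if (!l) abort();
    l->len = n;
    if (n) memcpy(l->items, v, n * sizeof(int));
    return l;
}

/* Appends b to a. Like realloc(), this may move or free a, so after the
 * call only the RETURN VALUE is valid; the caller's old pointer is not. */
static IntList *il_concat(IntList *a, const IntList *b)
{
    IntList *r = realloc(a, sizeof *r + (a->len + b->len) * sizeof(int));
    if (!r) abort();
    memcpy(r->items + r->len, b->items, b->len * sizeof(int));
    r->len += b->len;
    return r;
}

/* Safe caller: concat a private copy, so `bound` stays valid for later use.
 * Returns the combined length, or -1 if `bound` was disturbed. */
int attach_demo(void)
{
    const int bound_vals[] = {10, 20};       /* constructed sample data */
    const int parent_vals[] = {30, 40, 50};  /* constructed sample data */
    IntList *bound = il_make(bound_vals, 2);
    IntList *parent = il_make(parent_vals, 3);

    /* Unsafe shape: all = il_concat(bound, parent); then reading bound. */
    IntList *all = il_concat(il_make(bound->items, bound->len), parent);

    /* Later use of the original list, still a live allocation. */
    int ok = bound->len == 2 && bound->items[1] == 20 &&
             all->len == 5 && all->items[0] == 10 && all->items[4] == 50;
    int result = ok ? (int) all->len : -1;
    free(all); free(parent); free(bound);
    return result;
}

int main(void) { return attach_demo() == 5 ? 0 : 1; }
```

Building the unsafe shape with `-fsanitize=address` is one way to confirm a stale read of the first argument at run time, in addition to the compiler's `-Wuse-after-free` diagnostic.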