From 945f71db845262e7491b5fe4403b01147027576b Mon Sep 17 00:00:00 2001
From: Robert Haas
Date: Wed, 24 Jan 2018 16:34:51 -0500
Subject: [PATCH] Avoid referencing off the end of subplan_partition_offsets.

Report by buildfarm member skink and Tom Lane. Analysis by me. Patch by Amit Khandekar.

Discussion: http://postgr.es/m/CAJ3gD9fVA1iXQYhfqHP5n_TEd4U9=V8TL_cc-oKRnRmxgdvJrQ@mail.gmail.com
---
 src/backend/executor/execPartition.c | 2 ++
 src/backend/executor/nodeModifyTable.c | 3 ++-
 src/include/executor/execPartition.h | 2 ++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/backend/executor/execPartition.c b/src/backend/executor/execPartition.c
index 89b7bb4c60..106a96d910 100644
--- a/src/backend/executor/execPartition.c
+++ b/src/backend/executor/execPartition.c
@@ -87,6 +87,7 @@ ExecSetupPartitionTupleRouting(ModifyTableState *mtstate,
 num_update_rri = list_length(node->plans);
 proute->subplan_partition_offsets = palloc(num_update_rri * sizeof(int));
+ proute->num_subplan_partition_offsets = num_update_rri;
 /*
 * We need an additional tuple slot for storing transient tuples that
@@ -481,6 +482,7 @@ ExecCleanupTupleRouting(PartitionTupleRouting *proute)
 * result rels are present in the UPDATE subplans.
 */
 if (proute->subplan_partition_offsets &&
+ subplan_index < proute->num_subplan_partition_offsets &&
 proute->subplan_partition_offsets[subplan_index] == i)
 {
 subplan_index++;
diff --git a/src/backend/executor/nodeModifyTable.c b/src/backend/executor/nodeModifyTable.c
index 6c2f8d4ec0..828e1b0015 100644
--- a/src/backend/executor/nodeModifyTable.c
+++ b/src/backend/executor/nodeModifyTable.c
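Review bot: In ExecCleanupTupleRouting (execPartition.c, second hunk), the new `subplan_index < proute->num_subplan_partition_offsets` test has no comment saying why the index can reach the array length. From the visible lines, subplan_index is incremented on every match, so once the last UPDATE subplan rel has been matched the next loop iteration would index one element past the allocation; that is presumably the read the buildfarm report caught. I would extend the existing comment with something like `subplan_index equals the array length once every subplan rel has been seen, so bound it before indexing.` The loop and the comment both start outside the hunk.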
@@ -1812,7 +1812,8 @@ tupconv_map_for_subplan(ModifyTableState *mtstate, int whichplan)
 * If subplan-indexed array is NULL, things should have been arranged
 * to convert the subplan index to partition index.
 */
- Assert(proute && proute->subplan_partition_offsets != NULL);
+ Assert(proute && proute->subplan_partition_offsets != NULL &&
+ whichplan < proute->num_subplan_partition_offsets);
 leaf_index = proute->subplan_partition_offsets[whichplan];
diff --git a/src/include/executor/execPartition.h b/src/include/executor/execPartition.h
index 18e08129f8..3df9c498bb 100644
--- a/src/include/executor/execPartition.h
+++ b/src/include/executor/execPartition.h
@@ -80,6 +80,7 @@ typedef struct PartitionDispatchData *PartitionDispatch;
 * subplan_partition_offsets Integer array ordered by UPDATE subplans. Each
 * element of this array has the index into the
 * corresponding partition in partitions array.
+ * num_subplan_partition_offsets Length of 'subplan_partition_offsets' array
 * partition_tuple_slot TupleTableSlot to be used to manipulate any
 * given leaf partition's rowtype after that
 * partition is chosen for insertion by
@@ -96,6 +97,7 @@ typedef struct PartitionTupleRouting
 TupleConversionMap **child_parent_tupconv_maps;
 bool *child_parent_map_not_required;
 int *subplan_partition_offsets;
+ int num_subplan_partition_offsets;
 TupleTableSlot *partition_tuple_slot;
 TupleTableSlot *root_tuple_slot;
 } PartitionTupleRouting;
-- 
2.39.5
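Review bot: In tupconv_map_for_subplan (nodeModifyTable.c), the bound on `whichplan` lives only inside `Assert`, which is compiled out of builds without assertions enabled, so the array read on the following line stays unchecked there; it also covers only the upper bound although `whichplan` is a signed `int`. Whether callers can ever pass an index that is not a valid subplan number cannot be determined from this hunk; if they can, a runtime check is needed rather than an assertion. Otherwise I would at least make the check two-sided and give it its own statement, `Assert(whichplan >= 0 && whichplan < proute->num_subplan_partition_offsets);`, so a failure names the offending condition. The function body starts and ends outside the hunk.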