Re: BUG #1011: Explain analyze "query" cause segv

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: sor(at)rsc(dot)pl
Cc: "PostgreSQL Bugs List" <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #1011: Explain analyze "query" cause segv
Date: 2003-12-17 20:18:06
Message-ID: 10982.1071692286@sss.pgh.pa.us
Lists: pgsql-bugs

"PostgreSQL Bugs List" <pgsql-bugs(at)postgresql(dot)org> writes:
> There is test case (notice there is ltree column):

Seems to be a buffer overrun in lquery_out(). I've applied the attached
patch for 7.4.1.

regards, tom lane

*** contrib/ltree/ltree_io.c.orig Sun Aug 3 20:43:10 2003
--- contrib/ltree/ltree_io.c Wed Dec 17 15:09:40 2003
***************
*** 498,518 ****
*ptr;
int i,
j,
! totallen = 0;
lquery_level *curqlevel;
lquery_variant *curtlevel;

curqlevel = LQUERY_FIRST(in);
for (i = 0; i < in->numlevel; i++)
{
if (curqlevel->numvar)
! totallen = (curqlevel->numvar * 4) + 1 + curqlevel->totallen;
else
! totallen = 2 * 11 + 4;
! totallen++;
curqlevel = LQL_NEXT(curqlevel);
}
-

ptr = buf = (char *) palloc(totallen);
curqlevel = LQUERY_FIRST(in);
--- 498,517 ----
*ptr;
int i,
j,
! totallen = 1;
lquery_level *curqlevel;
lquery_variant *curtlevel;

curqlevel = LQUERY_FIRST(in);
for (i = 0; i < in->numlevel; i++)
{
+ totallen++;
if (curqlevel->numvar)
! totallen += 1 + (curqlevel->numvar * 4) + curqlevel->totallen;
else
! totallen += 2 * 11 + 4;
curqlevel = LQL_NEXT(curqlevel);
}

ptr = buf = (char *) palloc(totallen);
curqlevel = LQUERY_FIRST(in);
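
Review bot: the size estimate in the new loop still depends on unexplained constants, `(curqlevel->numvar * 4)` in the numvar branch and `2 * 11 + 4` in the else branch, and nothing in the hunk ties them to the bytes the output code later writes into `buf`. Since the bug being fixed was an under-sized `palloc(totallen)` (the old loop assigned with `=` instead of accumulating, so only the last level counted), a short comment above each branch stating what each term bounds would let the next reader check the estimate against the formatting code. It would also be worth adding an assertion after the buffer is filled that `ptr - buf` is less than `totallen`, so that any future change to the output format that outgrows the estimate fails in testing rather than overrunning the allocation.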
