Re: Address the -Wuse-after-free warning in ATExecAttachPartition()

On Mon, Jul 8, 2024 at 3:22 PM Nitin Jadhav
<nitinjadhavpostgres(at)gmail(dot)com> wrote:
>
> In [1], Andres reported a -Wuse-after-free bug in the
> ATExecAttachPartition() function. I've created a patch to address it
> with pointers from Amit offlist.
>
> The issue was that the partBoundConstraint variable was utilized after
> the list_concat() function. This could potentially lead to accessing
> the partBoundConstraint variable after its memory has been freed.
>
> The issue was resolved by using the return value of the list_concat()
> function, instead of using the list1 argument of list_concat(). I
> copied the partBoundConstraint variable to a new variable named
> partConstraint and used it for the previous references before invoking
> get_proposed_default_constraint(). I confirmed that the
> eval_const_expressions(), make_ands_explicit(),
> map_partition_varattnos(), QueuePartitionConstraintValidation()
> functions do not modify the memory location pointed to by the
> partBoundConstraint variable. Therefore, it is safe to use it for the
> next reference in get_proposed_default_constraint()
>
> Attaching the patch. Please review and share the comments if any.
> Thanks to Andres for spotting the bug and some off-list advice on how
> to reproduce it.

The patch LGTM.

Curious how to reproduce the bug ;)

>
> [1]: https://www.postgresql.org/message-id/flat/202311151802.ngj2la66jwgi%40alvherre.pgsql#4fc5622772ba0244c1ad203f5fc56701
>
> Best Regards,
> Nitin Jadhav
> Azure Database for PostgreSQL
> Microsoft

--
Regards
Junwang Zhao