Commit ebc584e

Harden range_table_mutator() against null RangeTblEntry.subquery.
Commit 64919aa made pull_up_simple_subquery set rte->subquery = NULL after doing the deed, so that we don't waste cycles copying a now-useless subquery tree around. This turns out to create a core dump hazard in range_table_mutator, which supposes that that field is never NULL. Apparently none of our own code invokes query_tree_mutator or range_table_mutator on the top Query after subquery pullup; but it wouldn't be surprising if outside code does, and anyway I'm working on a v16 patch that will need it.

We can fix this cleanly by just getting rid of the special-case handling of this field and treating it more like all the rest. I think the special case might be left over from a time when QTW_DONT_COPY_QUERY was the default behavior, but that was eons ago.

Thanks to Dean Rasheed for review.

Discussion: https://postgr.es/m/545569.1656107045@sss.pgh.pa.us
1 parent 3ab4fc5 commit ebc584e

1 file changed, +4 -12 lines changed

src/backend/nodes/nodeFuncs.c

Lines changed: 4 additions & 12 deletions
@@ -2825,11 +2825,6 @@ expression_tree_mutator(Node *node,
28252825
( (newnode) = (nodetype *) palloc(sizeof(nodetype)), \
28262826
memcpy((newnode), (node), sizeof(nodetype)) )
28272827

2828-
#define CHECKFLATCOPY(newnode, node, nodetype) \
2829-
( AssertMacro(IsA((node), nodetype)), \
2830-
(newnode) = (nodetype *) palloc(sizeof(nodetype)), \
2831-
memcpy((newnode), (node), sizeof(nodetype)) )
2832-
28332828
#define MUTATE(newfield, oldfield, fieldtype) \
28342829
( (newfield) = (fieldtype) mutator((Node *) (oldfield), context) )
28352830
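Review bot: Removing CHECKFLATCOPY also removes its AssertMacro(IsA((node), nodetype)), which was the only node-type check on rte->subquery that this diff shows for the RTE_SUBQUERY path. If that check is still wanted in assert-enabled builds, consider an assertion ahead of the new MUTATE call in range_table_mutator that accepts the NULL case, along the lines of Assert(rte->subquery == NULL || IsA(rte->subquery, Query)), so a wrongly typed node is caught at this call site rather than somewhere inside the callback.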

@@ -3640,9 +3635,9 @@ expression_tree_mutator(Node *node,
36403635
* which is the bitwise OR of flag values to suppress mutating of
36413636
* indicated items. (More flag bits may be added as needed.)
36423637
*
3643-
* Normally the Query node itself is copied, but some callers want it to be
3644-
* modified in-place; they must pass QTW_DONT_COPY_QUERY in flags. All
3645-
* modified substructure is safely copied in any case.
3638+
* Normally the top-level Query node itself is copied, but some callers want
3639+
* it to be modified in-place; they must pass QTW_DONT_COPY_QUERY in flags.
3640+
* All modified substructure is safely copied in any case.
36463641
*/
36473642
Query *
36483643
query_tree_mutator(Query *query,
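Review bot: The reworded header comment for query_tree_mutator should also say who copies a range-table subquery now. With the flat copy gone from range_table_mutator, "All modified substructure is safely copied in any case" holds for RTE subqueries only if the mutator callback copies the Query it is handed, for example by recursing through query_tree_mutator without QTW_DONT_COPY_QUERY. A sentence stating that expectation, and that the callback can be handed a NULL subquery, would help the outside callers the commit message has in mind.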
@@ -3758,10 +3753,7 @@ range_table_mutator(List *rtable,
37583753
break;
37593754
case RTE_SUBQUERY:
37603755
if (!(flags & QTW_IGNORE_RT_SUBQUERIES))
3761-
{
3762-
CHECKFLATCOPY(newrte->subquery, rte->subquery, Query);
3763-
MUTATE(newrte->subquery, newrte->subquery, Query *);
3764-
}
3756+
MUTATE(newrte->subquery, rte->subquery, Query *);
37653757
else
37663758
{
37673759
/* else, copy RT subqueries as-is */
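Review bot: The new MUTATE(newrte->subquery, rte->subquery, Query *) passes rte->subquery to the callback with no NULL test, so the crash fix depends on every mutator callback returning NULL when given a NULL node. A one-line comment above this call noting that the field can be NULL after subquery pullup would record why the flat copy was dropped and what callbacks must tolerate. The else branch that follows ("copy RT subqueries as-is") is not touched by this patch and should be confirmed to handle a NULL subquery as well. Since only nodeFuncs.c changes, nothing here exercises the NULL path; a test that runs a mutator over a Query after pullup would keep this from regressing.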
