From df567fbf6e41aa6b574ead3803c304af55645501 Mon Sep 17 00:00:00 2001 From: David Rowley Date: Fri, 31 Mar 2023 12:13:34 +1300 Subject: [PATCH] Fix List memory issue in transformColumnDefinition When calling generateSerialExtraStmts(), we would pass in the constraint->options. In some cases, generateSerialExtraStmts() would modify the referenced List to remove elements from it, but doing so is invalid without assigning the list back to all variables that point to it. In the particular reported problem case, the List became empty, in which cases it became NIL, but the passed in constraint->options didn't get to find out about that and was left pointing to free'd memory. To fix this, just perform a list_copy() inside generateSerialExtraStmts(). We could just do a list_copy() just before we perform the delete from the list, however, that seems less robust. Let's make sure the generated CreateSeqStmt gets a completely different copy of the list to be safe. Bug: #17879 Reported-by: Fei Changhong Diagnosed-by: Fei Changhong Discussion: https://postgr.es/m/17879-b7dfb5debee58ff5@postgresql.org Backpatch-through: 11, all supported versions --- src/backend/parser/parse_utilcmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c index 297d759006c..a76b8eecb6a 100644 --- a/src/backend/parser/parse_utilcmd.c +++ b/src/backend/parser/parse_utilcmd.c @@ -381,6 +381,9 @@ generateSerialExtraStmts(CreateStmtContext *cxt, ColumnDef *column, List *attnamelist; int nameEl_idx = -1; + /* Make a copy of this as we may end up modifying it in the code below */ + seqoptions = list_copy(seqoptions); + /* * Determine namespace and name to use for the sequence. *