Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption

From: Andreas Karlsson <andreas(at)proxel(dot)se>
To: Michael Paquier <michael(at)paquier(dot)xyz>, Joel Jacobson <joel(at)compiler(dot)org>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption
Date: 2026-03-03 03:39:43
Message-ID: 3b633bb7-f34f-4daf-82b3-038d87ef289b@proxel.se
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 3/2/26 4:18 AM, Michael Paquier wrote:
> On Sun, Mar 01, 2026 at 06:10:10PM +0100, Joel Jacobson wrote:
>> The allocations in src/backend/commands/explain_state.c
>> used sizeof(char *) instead of sizeof(ExplainExtensionOption),
>> which could cause a crash if an extension would register
>> more than 8 extension EXPLAIN options:
>
> Indeed, that's wrong as-is. The problem can be reproduced simply by
> saving more options into pg_overexplain, as well, leading to the same
> memory chunk issues. Will fix, thanks for the report.

Shouldn't the patch have used repalloc_array()? If the code had done so
in the first place the bug would never have happened.

--
Andreas Karlsson
Percona

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andreas Karlsson 2026-03-03 03:44:41 Re: Use pg_malloc macros in src/fe_utils
Previous Message Chao Li 2026-03-03 03:26:25 Re: astreamer_lz4: fix bug of output pointer advancement in decompressor