| From: | Aleksander Alekseev <aleksander(at)tigerdata(dot)com> |
|---|---|
| To: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH] Fix null pointer dereference in PG19 |
| Date: | 2026-04-21 13:40:49 |
| Message-ID: | CAJ7c6TME+ix6VRf-2TPnVTsj8qn_hy6sYAOmMhZEivwsu2wS6g@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I discovered that it's possible to crash Postgres when using VIEWS,
FOR PORTION OF syntax and INSTEAD OF triggers together. See crash.sql.
This happens because in ExecModifyTable() around line 4827 there is no
check for `relkind == RELKIND_VIEW`. If this is the case `tupleid`
ends up being NULL which causes null pointer dereference later when
ExecDeleteEpilogue() or ExecUpdateEpilogue() calls
ExecForPortionOfLeftovers() with tupleid = NULL. An example stacktrace
is attached.
I propose fixing this by explicitly forbidding using the named
features together. See the patch.
--
Best regards,
Aleksander Alekseev
| Attachment | Content-Type | Size |
|---|---|---|
| stacktrace.txt | text/plain | 3.8 KB |
| crash.sql | application/sql | 957 bytes |
| v1-0001-Forbid-FOR-PORTION-OF-on-views-with-INSTEAD-OF-tr.patch | text/x-patch | 4.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2026-04-21 13:49:12 | Re: Two issues leading to discrepancies in FSM data on the standby server |
| Previous Message | Matheus Alcantara | 2026-04-21 13:20:50 | Re: MERGE PARTITIONS and DEPENDS ON EXTENSION. |