| From: | "Matheus Alcantara" <matheusssilv97(at)gmail(dot)com> |
|---|---|
| To: | "Rafia Sabih" <rafia(dot)pghackers(at)gmail(dot)com> |
| Cc: | "Ayush Tiwari" <ayushtiwari(dot)slg01(at)gmail(dot)com>, <798604270(at)qq(dot)com>, <pgsql-bugs(at)lists(dot)postgresql(dot)org>, "Etsuro Fujita" <etsuro(dot)fujita(at)gmail(dot)com> |
| Subject: | Re: BUG #19484: Segmentation fault triggered by FDW |
| Date: | 2026-06-09 15:10:42 |
| Message-ID: | DJ4M4TOUHLM0.B38DAVN79FPH@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sat May 30, 2026 at 3:18 AM -03, Rafia Sabih wrote:
> A good catch. However there is one issue that remains here,
> in show_modifytable_info still is using the old index here fdw_private =
> (List *) list_nth(node->fdwPrivLists, j) i.e. the one before pruning.
> In fact I found a scenario where it is causing crash, try this
>
> create table fdw_part_update2 (a int not null, b int) partition by list (a);
> create table fdw_part_update2_p1 partition of fdw_part_update2 for values
> in (1);
> create table fdw_part_update2_remote (a int not null, b int);
> create foreign table fdw_part_update2_p2 partition of fdw_part_update2
> for values in (2)
> server loopback options (table_name 'fdw_part_update2_remote');
> insert into fdw_part_update2_p1 values (1, 10);
> insert into fdw_part_update2_remote values (2, 20);
> set plan_cache_mode = force_generic_plan;
> prepare fdw_part_upd2(int) as
> update fdw_part_update2 set b = b + random()::int * 0 + 1 where a = $1
> returning tableoid::regclass, a, b;
> execute fdw_part_upd2(2);
> explain (analyze, verbose, costs off, timing off, summary off)
> execute fdw_part_upd2(2);
>
> Please find the attached file for the patch to fix this. This patch applies
> over the earlier patch (given by Ayush) in this thread.
>
Thanks for catching this, Rafia. The fix is correct —
show_modifytable_info() was indeed still reading from node->fdwPrivLists
using the post-pruning index j, which causes an out-of-bounds access
when partitions are pruned.
I think both patches should be squashed into a single one since they fix
the same underlying issue. I've done this locally and also ran pg_indent
over the result. Attached is the combined patch.
One minor naming observation: the new fdwPrivLists field in
ModifyTableState doesn't follow the mt_ prefix convention used by the
other re-indexed lists (mt_updateColnosLists, mt_mergeActionLists,
mt_mergeJoinConditions). Should we rename it to mt_fdwPrivLists for
consistency?
--
Matheus Alcantara
EDB: https://www.enterprisedb.com
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Re-index-ModifyTable-FDW-arrays-when-pruning-result-.patch | text/plain | 10.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2026-06-09 18:18:01 | Re: BUG #19500: pgrepack logical decoding plugin can crash assert builds via SQL decoding API |
| Previous Message | Ashutosh Sharma | 2026-06-09 04:38:58 | Re: BUG #19508: pg_buffercache_pages() crashes the backend with an incompatible caller-supplied record definition |