From 6a3e3e26c0328e15fc47091684143dc5bb8ef6fc Mon Sep 17 00:00:00 2001 From: Matheus Alcantara Date: Tue, 9 Jun 2026 17:59:20 -0300 Subject: [PATCH] Fix out-of-bounds access in autoprewarm worker The read stream callback apw_read_stream_next_block() advances p->pos through the block_info array until it reaches a block belonging to a different relation/fork or hits prewarm_stop_idx. When the stream finishes processing all blocks for a fork, p.pos may equal prewarm_stop_idx which cause a segfault. Add a bounds check before accessing block_info[i] to prevent the crash. Author: Matheus Alcantara Reported-by: Glauber Batista Discussion: https://www.postgresql.org/message-id/CAO%2B_mTQgQyTYwDh%3DU8iTnsDmOGyWsZJjUV31SmEYwmw6_xY6Bw%40mail.gmail.com --- contrib/pg_prewarm/autoprewarm.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/contrib/pg_prewarm/autoprewarm.c b/contrib/pg_prewarm/autoprewarm.c index ba0bc8e6d4a..a77e52c59ea 100644 --- a/contrib/pg_prewarm/autoprewarm.c +++ b/contrib/pg_prewarm/autoprewarm.c @@ -643,8 +643,15 @@ autoprewarm_database_main(Datum main_arg) read_stream_end(stream); - /* Advance i past all the blocks just prewarmed. */ + /* + * Advance i past all the blocks just prewarmed. The read stream + * callback may have advanced p.pos to prewarm_stop_idx, so we + * must check bounds before accessing block_info[i]. + */ i = p.pos; + if (i >= apw_state->prewarm_stop_idx) + break; + blk = block_info[i]; } -- 2.50.1 (Apple Git-155)