database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-25 21:42:33 +03:00
Code

Harden range_table_mutator() against null RangeTblEntry.subquery.

Browse Source 
Commit 64919aaab made pull_up_simple_subquery set rte->subquery = NULL
after doing the deed, so that we don't waste cycles copying a
now-useless subquery tree around.  This turns out to create a core dump
hazard in range_table_mutator, which supposes that that field is never
NULL.  Apparently none of our own code invokes query_tree_mutator or
range_table_mutator on the top Query after subquery pullup; but it
wouldn't be surprising if outside code does, and anyway I'm working
on a v16 patch that will need it.

We can fix this cleanly by just getting rid of the special-case
handling of this field and treating it more like all the rest.
I think the special case might be left over from a time when
QTW_DONT_COPY_QUERY was the default behavior, but that was eons ago.

Thanks to Dean Rasheed for review.

Discussion: https://postgr.es/m/545569.1656107045@sss.pgh.pa.us
This commit is contained in:
Tom Lane 2022-06-26 08:58:05 -04:00
parent 3ab4fc5dcf
commit ebc584ed49
1 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/backend/nodes/nodeFuncs.c
View File

@ -2825,11 +2825,6 @@ expression_tree_mutator(Node *node,
( (newnode) = (nodetype *) palloc(sizeof(nodetype)), \ ( (newnode) = (nodetype *) palloc(sizeof(nodetype)), \
memcpy((newnode), (node), sizeof(nodetype)) ) memcpy((newnode), (node), sizeof(nodetype)) )
#define CHECKFLATCOPY(newnode, node, nodetype) \
( AssertMacro(IsA((node), nodetype)), \
(newnode) = (nodetype *) palloc(sizeof(nodetype)), \
memcpy((newnode), (node), sizeof(nodetype)) )
#define MUTATE(newfield, oldfield, fieldtype) \ #define MUTATE(newfield, oldfield, fieldtype) \
( (newfield) = (fieldtype) mutator((Node *) (oldfield), context) ) ( (newfield) = (fieldtype) mutator((Node *) (oldfield), context) )
@ -3640,9 +3635,9 @@ expression_tree_mutator(Node *node,
* which is the bitwise OR of flag values to suppress mutating of * which is the bitwise OR of flag values to suppress mutating of
* indicated items. (More flag bits may be added as needed.) * indicated items. (More flag bits may be added as needed.)
* *
* Normally the Query node itself is copied, but some callers want it to be * Normally the top-level Query node itself is copied, but some callers want
* modified in-place; they must pass QTW_DONT_COPY_QUERY in flags. All * it to be modified in-place; they must pass QTW_DONT_COPY_QUERY in flags.
* modified substructure is safely copied in any case. * All modified substructure is safely copied in any case.
*/ */
Query * Query *
query_tree_mutator(Query *query, query_tree_mutator(Query *query,
@ -3758,10 +3753,7 @@ range_table_mutator(List *rtable,
break; break;
case RTE_SUBQUERY: case RTE_SUBQUERY:
if (!(flags & QTW_IGNORE_RT_SUBQUERIES)) if (!(flags & QTW_IGNORE_RT_SUBQUERIES))
{ MUTATE(newrte->subquery, rte->subquery, Query *);
CHECKFLATCOPY(newrte->subquery, rte->subquery, Query);
MUTATE(newrte->subquery, newrte->subquery, Query *);
}
else else
{ {
/* else, copy RT subqueries as-is */ /* else, copy RT subqueries as-is */