Fix use-after-free with multirange types in CREATE TYPE

The code was freeing the name of the multirange type function stored in
the parse tree but it should not do that.  Event triggers could for
example look at such a corrupted parsed tree with a ddl_command_end
event.

Author: Alex Kozhemyakin, Sergey Shinderuk
Reviewed-by: Peter Eisentraut, Michael Paquier
Discussion: https://postgr.es/m/d5042d46-b9cd-6efb-219a-71ed0cf45bc8@postgrespro.ru
Backpatch-through: 14

diff --git a/src/backend/commands/typecmds.c b/src/backend/commands/typecmds.c
index b290629a4508c15a47c878e4a8a799c0781ac86f..9ab40341793113b5d22f0be5f68f8436e80951f6 100644 (file)
--- a/src/backend/commands/typecmds.c
+++ b/src/backend/commands/typecmds.c
@@ -1707,7 +1707,6 @@ DefineRange(ParseState *pstate, CreateRangeStmt *stmt)
        /* Create cast from the range type to its multirange type */
        CastCreate(typoid, multirangeOid, castFuncOid, 'e', 'f', DEPENDENCY_INTERNAL);
 
-       pfree(multirangeTypeName);
        pfree(multirangeArrayName);
 
        return address;