From 6c3b697b19db6274da622cf0fe7a7ad32eeeced3 Mon Sep 17 00:00:00 2001 From: David Rowley Date: Fri, 31 Mar 2023 12:13:05 +1300 Subject: [PATCH] Fix List memory issue in transformColumnDefinition When calling generateSerialExtraStmts(), we would pass in the constraint->options. In some cases, generateSerialExtraStmts() would modify the referenced List to remove elements from it, but doing so is invalid without assigning the list back to all variables that point to it. In the particular reported problem case, the List became empty, in which cases it became NIL, but the passed in constraint->options didn't get to find out about that and was left pointing to free'd memory. To fix this, just perform a list_copy() inside generateSerialExtraStmts(). We could just do a list_copy() just before we perform the delete from the list, however, that seems less robust. Let's make sure the generated CreateSeqStmt gets a completely different copy of the list to be safe. Bug: #17879 Reported-by: Fei Changhong Diagnosed-by: Fei Changhong Discussion: https://postgr.es/m/17879-b7dfb5debee58ff5@postgresql.org Backpatch-through: 11, all supported versions --- src/backend/parser/parse_utilcmd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/backend/parser/parse_utilcmd.c b/src/backend/parser/parse_utilcmd.c index 15a1dab8c5a..b0f6fe4fa61 100644 --- a/src/backend/parser/parse_utilcmd.c +++ b/src/backend/parser/parse_utilcmd.c @@ -381,6 +381,9 @@ generateSerialExtraStmts(CreateStmtContext *cxt, ColumnDef *column, List *attnamelist; int nameEl_idx = -1; + /* Make a copy of this as we may end up modifying it in the code below */ + seqoptions = list_copy(seqoptions); + /* * Determine namespace and name to use for the sequence. * -- 2.30.2