From 7ba6ee815dc90d4fab7226d343bf72aa28c9aa5c Mon Sep 17 00:00:00 2001
From: Alvaro Herrera
Date: Mon, 9 Apr 2018 10:54:28 -0300
Subject: [PATCH] Add missed bms_copy() in perform_pruning_combine_step
We were initializing a BMS to merely reference an existing one, which would cause a double-free (and a crash) when the recursive algorithm tried to intersect it with an empty one. Fix it by creating a copy at initialization time.
Reported-by: sqlsmith (by way of Andreas Seltenreich)
Author: Amit Langote
Discussion: https://postgr.es/m/87in923lyw.fsf@ansel.ydns.eu
---
 src/backend/partitioning/partprune.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/backend/partitioning/partprune.c b/src/backend/partitioning/partprune.c
index 417e1fee81..7666c6c412 100644
--- a/src/backend/partitioning/partprune.c
+++ b/src/backend/partitioning/partprune.c
@@ -2923,7 +2923,8 @@ perform_pruning_combine_step(PartitionPruneContext *context,
 if (firststep)
 {
 /* Copy step's result the first time. */
- result->bound_offsets = step_result->bound_offsets;
+ result->bound_offsets =
+ bms_copy(step_result->bound_offsets);
 result->scan_null = step_result->scan_null;
 result->scan_default = step_result->scan_default;
 firststep = false;
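Review bot: The retained comment `/* Copy step's result the first time. */` does not say why a real copy is required, so the `bms_copy()` reads like an optional defensive step that someone could later drop. Per the commit message the aliasing led to a double-free when the set was later intersected, so I would spell out the ownership rule: `/* Copy step's result the first time; result must own its set, since later intersection may free it. */`. The intersecting branch and the rest of perform_pruning_combine_step lie outside this hunk, so the wording should be checked against it. The diffstat shows only partprune.c changed; a regression test for the sqlsmith-reported query would keep this memory-safety fix from regressing.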