"Pedro J. Lobo" <pjlobo@euitt.upm.es> writes:
> I have located the point where the pointer is overwritten.
> *nodePtr = copyObject(n);
> ((Var *) *nodePtr)->varlevelsup = this_varlevelsup;
> Well, this *can't* be correct. 'n' points to a node of type Expr,
Good sleuthing! It looks like on a 32-bit machine, the overwritten
area will be just past the last field that's part of Expr, and because
of the memory manager's habit of rounding up object sizes that area
just happens to be available space rather than the start of the next
object. So that's why we hadn't found it before.
I believe the copied TLE entry could be any of several other node types
besides Var and Expr, so it's probably possible to see related failures
even on a 32-bit machine.
Jan, what should really be happening here?
regards, tom lane
