Home > mailing lists

Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption - Mailing list pgsql-hackers

From	Andreas Karlsson
Subject	Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption
Date	March 3 06:39:43
Msg-id	3b633bb7-f34f-4daf-82b3-038d87ef289b@proxel.se Whole thread Raw
In response to	Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption (Michael Paquier <michael@paquier.xyz>)
Responses	Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption
List	pgsql-hackers

Tree view

On 3/2/26 4:18 AM, Michael Paquier wrote:
> On Sun, Mar 01, 2026 at 06:10:10PM +0100, Joel Jacobson wrote:
>> The allocations in src/backend/commands/explain_state.c
>> used sizeof(char *) instead of sizeof(ExplainExtensionOption),
>> which could cause a crash if an extension would register
>> more than 8 extension EXPLAIN options:
> 
> Indeed, that's wrong as-is.  The problem can be reproduced simply by
> saving more options into pg_overexplain, as well, leading to the same
> memory chunk issues.  Will fix, thanks for the report.

Shouldn't the patch have used repalloc_array()? If the code had done so 
in the first place the bug would never have happened.

-- 
Andreas Karlsson
Percona

pgsql-hackers by date:

From: Chao Li
Date: 03 March, 06:26:25
Subject: Re: astreamer_lz4: fix bug of output pointer advancement in decompressor

From: Andreas Karlsson
Date: 03 March, 06:44:41
Subject: Re: Use pg_malloc macros in src/fe_utils

Re: [BUGFIX] Fix crash due to sizeof bug in RegisterExtensionExplainOption - Mailing list pgsql-hackers

Previous

Next