With a server compiled with the flags -DUSE_VALGRIND -DWRITE_READ_PARSE_PLAN_TREES, the following query:

SELECT * FROM generate_series(1, 1) a WHERE a = ANY (array[array[NULL::int]]);

provokes an incorrect memory access:
Here ExecEvalArrayExpr() performs: result = (ArrayType *) palloc(nbytes); where nbytes includes ARR_OVERHEAD_WITHNULLS(ndims, nitems) for ndims = 2 and nitems = 1, so the last 8 bytes in this memory area are reserved for a null bitmap, but only one bit of the bitmap is initialised later by array_bitmap_copy().
fixes the issue, just as "result = (ArrayType *) palloc0(nbytes)" does, of course.
Nice catch. This can also be seen on master.
I searched the code a little bit and found that in array_set_slice() and array_set_element() the 'newarray' is allocated with palloc0 and then the null bitmap is zeroed with
MemSet(nullbitmap, 0, (nitems + 7) / 8);
if havenulls is true. I wonder if we can do the same here.
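To make the arithmetic in this thread concrete, here is a small stand-alone C model added for this page; it is not PostgreSQL code. It reconstructs the overhead computation with the same shape as ARR_OVERHEAD_WITHNULLS (header, dims and lbounds, null bitmap, rounded up to MAXALIGN, assumed to be 8 here) and adds a Valgrind-style shadow of which bits were ever written, so it can count what a plain palloc, the palloc followed by a MemSet of (nitems + 7) / 8 bytes suggested above, and palloc0 each leave undefined. The names tracked_palloc, bitmap_undefined_bits and all_null_undefined_bits are this example's own, and the element data, dims and header fields that the real code also writes are omitted because only the bitmap region matters here.

```c
/* Added example, not PostgreSQL source: models the null-bitmap initialisation
 * gap discussed in the thread. The header struct, MAXALIGN and the overhead
 * macros are reconstructed with the same shape as PostgreSQL's, and a tiny
 * Valgrind-style shadow ("V-bits") records which data bits were written. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint8_t bits8;

/* Stand-in for the fixed part of ArrayType: four int32 fields (16 bytes). */
typedef struct ArrayHeader {
    int32_t vl_len_, ndim, dataoffset, elemtype;
} ArrayHeader;

#define MAXALIGN(len) ((((size_t)(len)) + 7) & ~(size_t)7)        /* assumes MAXIMUM_ALIGNOF == 8 */
#define ARR_NULLBITMAP_OFFSET(ndims) \
    (sizeof(ArrayHeader) + 2 * sizeof(int32_t) * (size_t)(ndims))  /* bitmap follows dims[] and lbound[] */
#define ARR_OVERHEAD_WITHNULLS(ndims, nitems) \
    MAXALIGN(ARR_NULLBITMAP_OFFSET(ndims) + ((size_t)(nitems) + 7) / 8)

typedef enum { USE_PALLOC, USE_PALLOC_THEN_MEMSET, USE_PALLOC0 } AllocStrategy;

/* "palloc" with definedness tracking: a set vbits bit means that data bit was written. */
typedef struct { size_t nbytes; bits8 *data; bits8 *vbits; } TrackedAlloc;

static TrackedAlloc tracked_palloc(size_t nbytes, bool zeroed)
{
    TrackedAlloc a = { nbytes, calloc(nbytes, 1), malloc(nbytes) };
    /* palloc0 defines every byte; plain palloc defines nothing. */
    memset(a.vbits, zeroed ? 0xFF : 0x00, nbytes);
    return a;
}

static void tracked_memset0(TrackedAlloc *a, size_t off, size_t len)
{
    memset(a->data + off, 0, len);
    memset(a->vbits + off, 0xFF, len);
}

/* Per-element effect of array_bitmap_copy(): exactly one bit (1 = not null, 0 = null). */
static void tracked_set_bit(TrackedAlloc *a, size_t off, int bitno, bool set)
{
    bits8 mask = (bits8)(1u << bitno);
    if (set) a->data[off] |= mask; else a->data[off] &= (bits8)~mask;
    a->vbits[off] |= mask;
}

/* Bits in [off, end) that were never written: what Valgrind would flag on a read. */
static int undefined_bits(const TrackedAlloc *a, size_t off, size_t end)
{
    int n = 0;
    for (size_t i = off; i < end; i++)
        for (int b = 0; b < 8; b++)
            if (!(a->vbits[i] & (1u << b))) n++;
    return n;
}

/* Build the overhead part of an array whose element nullness is given by isnull[]
 * with one of the three strategies, and return how many bits from the start of
 * the bitmap to the end of the allocation were left undefined. */
static int bitmap_undefined_bits(int ndims, int nitems, const bool *isnull, AllocStrategy s)
{
    size_t nbytes = ARR_OVERHEAD_WITHNULLS(ndims, nitems);
    size_t bm = ARR_NULLBITMAP_OFFSET(ndims);
    TrackedAlloc a = tracked_palloc(nbytes, s == USE_PALLOC0);

    if (s == USE_PALLOC_THEN_MEMSET)            /* the array_set_element() approach */
        tracked_memset0(&a, bm, ((size_t)nitems + 7) / 8);

    for (int i = 0; i < nitems; i++)            /* array_bitmap_copy(): nitems bits only */
        tracked_set_bit(&a, bm + (size_t)i / 8, i % 8, !isnull[i]);

    int n = undefined_bits(&a, bm, nbytes);
    free(a.data);
    free(a.vbits);
    return n;
}

/* The thread's case: every element NULL, as in array[array[NULL::int]]. */
static int all_null_undefined_bits(int ndims, int nitems, AllocStrategy s)
{
    bool *isnull = malloc((size_t)nitems * sizeof(bool));
    for (int i = 0; i < nitems; i++) isnull[i] = true;
    int n = bitmap_undefined_bits(ndims, nitems, isnull, s);
    free(isnull);
    return n;
}

int main(void)
{
    /* ndims = 2, nitems = 1: overhead = MAXALIGN(16 + 16 + 1) = 40, bitmap at byte 32. */
    printf("palloc:          %d undefined bits\n", all_null_undefined_bits(2, 1, USE_PALLOC));
    printf("palloc + MemSet: %d undefined bits\n", all_null_undefined_bits(2, 1, USE_PALLOC_THEN_MEMSET));
    printf("palloc0:         %d undefined bits\n", all_null_undefined_bits(2, 1, USE_PALLOC0));
    return 0;
}
```

For ndims = 2 and nitems = 1 the model allocates 40 bytes with the bitmap at offset 32, matching the "last 8 bytes" in the report: plain palloc leaves 63 of those 64 bits undefined, the MemSet of (nitems + 7) / 8 = 1 byte defines the bitmap byte but leaves the 7 alignment-padding bytes untouched, and palloc0 leaves nothing undefined. The difference between the two fixes is therefore whether anything ever reads the padding bytes beyond the bitmap proper.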