On Tue, May 7, 2024 at 1:19 PM Richard Guo <guofenglinux@gmail.com> wrote:
> On Tue, May 7, 2024 at 1:46 PM David Rowley <dgrowleyml@gmail.com> wrote:
>>
>> On Tue, 7 May 2024 at 17:28, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> > What I'm trying to figure out here is whether we have a live bug
>> > in this area in released branches; and if so, why we've not seen
>> > reports of that.
>>
>> We could check what portions of REALLOCATE_BITMAPSETS are
>> backpatchable. It may not be applicable very far back because of v16's
>> 00b41463c. The bms_del_member() would have left a zero set rather than
>> doing bms_free() prior to that commit. There could be a bug in v16.
>
>
> I also think there might be a bug in v16, as long as
> 'sjinfo->syn_lefthand' and 'rinfo->outer_relids' are referencing the
> same bitmapset and the content of this bitmapset is altered through
> 'sjinfo->syn_lefthand' without 'rinfo->outer_relids' being aware of
> these changes. I tried to compose a query that can trigger this bug but
> failed though.
Can sjinfo->syn_lefthand became empty set after bms_del_member()? If
so, rinfo->outer_relids will become an invalid pointer. If so, it's
obviously a bug, while it still might be very hard to make this
trigger a segfault.
------
Regards,
Alexander Korotkov
Supabase