Fix miscalculation of itemsafter in array_set_slice().
If the slice to be assigned to was before the existing array lower bound
(requiring at least one null element to spring into existence to fill the
gap), the code miscalculated how many entries needed to be copied from
the old array's null bitmap. This could result in trashing the array's
data area (as seen in bug #5840 from Karsten Loesing), or worse.
This has been broken since we first allowed the behavior of assigning to
non-adjacent slices, in 8.2. Back-patch to all affected versions.
Branch
------
REL8_2_STABLE
Details
-------
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=2a0abe10f3899d5b802f9df6a7ceffc72f513f16
Modified Files
--------------
src/backend/utils/adt/arrayfuncs.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
