Fix RelationBuildPartitionKey's processing of partition key expressions.
Failure to advance the list pointer while reading partition expressions
from a list results in invoking an input function with inappropriate data,
possibly leading to crashes or, with carefully crafted input, disclosure
of arbitrary backend memory.
Bug discovered independently by Álvaro Herrera and David Rowley.
This patch is by Álvaro but owes something to David's proposed fix.
Back-patch to v10 where the issue was introduced.
Security: CVE-2018-1052
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/3492a0af0bd37e7f23e27fd3f5537f414ee9ab9b
Modified Files
--------------
src/backend/utils/cache/relcache.c | 5 +++++
src/test/regress/expected/create_table.out | 29 ++++++++++++++++++++++-------
src/test/regress/sql/create_table.sql | 9 +++++++--
3 files changed, 34 insertions(+), 9 deletions(-)