upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-05-15 19:10:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix pfree crash in pg_get_role_ddl() and pg_get_database_ddl().

Browse source 
DatumGetArrayTypeP() can return a pointer into the tuple when the
datum is stored as a short varlena, so pfree() on the result crashes.
Use DatumGetArrayTypePCopy() to always get a palloc'd copy.

Bug introduced in 76e514ebb4 and a4f774cf1c.

Reported-by: Jeff Davis <pgsql@j-davis.com>
Author: Satya Narlapuram <satya.narlapuram@gmail.com>
Discussion: https://postgr.es/m/CAHg+QDdWtv9PKtPZEokwGCNtbv4MVnfYw5wMZrsEj4xizSNe5Q@mail.gmail.com
This commit is contained in:
Andrew Dunstan 2026-04-14 18:25:36 -04:00
parent dacd8fa6f2
commit 1f108fc02e
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/backend/utils/adt/ddlutils.c
View file

@ -480,7 +480,7 @@ pg_get_role_ddl_internal(Oid roleid, bool pretty, bool memberships)
if (isnull)
continue;
role_settings = DatumGetArrayTypeP(datum);
role_settings = DatumGetArrayTypePCopy(datum);
deconstruct_array_builtin(role_settings, TEXTOID, &settings, &nulls, &nsettings);
@ -1060,7 +1060,7 @@ pg_get_database_ddl_internal(Oid dbid, bool pretty,
if (isnull)
continue;
dbconfig = DatumGetArrayTypeP(datum);
dbconfig = DatumGetArrayTypePCopy(datum);
deconstruct_array_builtin(dbconfig, TEXTOID, &settings, &nulls, &nsettings);