From f7dc17aa9116a90a235ecf77c46afbbd6b6f8fbc Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Mon, 2 Mar 2026 13:14:15 +0900 Subject: [PATCH] Fix memory allocation size in RegisterExtensionExplainOption() The allocations used for the static array ExplainExtensionOptionArray, that tracks a set of ExplainExtensionOption, used "char *" instead of ExplainExtensionOption as the memory size consumed by one element, underestimating the memory required by half. The initial allocation of ExplainExtensionNameArray wants to hold 16 elements before being reallocated, and with "char *" it meant that there was enough space only for 8 ExplainExtensionOption elements, 16 bytes required for each element. The backend would crash once one tries to register a 9th EXPLAIN option. As far as I can see, the allocation formulas of GetExplainExtensionId() have been copy-pasted to RegisterExtensionExplainOption(), but the internal maths of the copy were not adjusted accordingly. Oversight in c65bc2e1d14a. Author: Joel Jacobson Discussion: https://postgr.es/m/2a4bd2f5-2a2f-409f-8ac7-110dd3fad4fc@app.fastmail.com Backpatch-through: 18 --- src/backend/commands/explain_state.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/commands/explain_state.c b/src/backend/commands/explain_state.c index 803c74dd178..77f59b8e500 100644 --- a/src/backend/commands/explain_state.c +++ b/src/backend/commands/explain_state.c @@ -335,7 +335,7 @@ RegisterExtensionExplainOption(const char *option_name, ExplainExtensionOptionArray = (ExplainExtensionOption *) MemoryContextAlloc(TopMemoryContext, ExplainExtensionOptionsAllocated - * sizeof(char *)); + * sizeof(ExplainExtensionOption)); } /* If there's an array but it's currently full, expand it. */ @@ -344,7 +344,7 @@ RegisterExtensionExplainOption(const char *option_name, int i = pg_nextpower2_32(ExplainExtensionOptionsAssigned + 1); ExplainExtensionOptionArray = (ExplainExtensionOption *) - repalloc(ExplainExtensionOptionArray, i * sizeof(char *)); + repalloc(ExplainExtensionOptionArray, i * sizeof(ExplainExtensionOption)); ExplainExtensionOptionsAllocated = i; }