From 0f08df406822bfa697dbcabef55728a8cb3e7fdb Mon Sep 17 00:00:00 2001 From: Peter Geoghegan Date: Fri, 2 May 2025 17:50:58 -0400 Subject: [PATCH] Avoid treating nonrequired nbtree keys as required. Consistently prevent nbtree array advancement from treating a scankey as required when operating in pstate.forcenonrequired mode. Otherwise, we risk a NULL pointer dereference. This was possible in the path where _bt_check_compare is called to recheck a tuple that advanced all of the scan's arrays to matching values: its continuescan=false handling expects _bt_advance_array_keys to have been called with a valid pstate, but it'll always be NULL during sktrig_required=false calls (which is how _bt_advance_array_keys must be called when pstate.forcenonrequired). Oversight in commit 8a510275, which optimized nbtree search scan key comparisons. Author: Peter Geoghegan Reported-By: Mark Dilger Discussion: https://postgr.es/m/CAHgHdKsn2W=gPBmj7p6MjQFvxB+zZDBkwTSg0o3f5Hh8rkRrsA@mail.gmail.com Discussion: https://postgr.es/m/CAH2-WzmodSE+gpTd1CRGU9ez8ytyyDS+Kns2r9NzgUp1s56kpw@mail.gmail.com --- src/backend/access/nbtree/nbtutils.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/backend/access/nbtree/nbtutils.c b/src/backend/access/nbtree/nbtutils.c index 11802a4c215..adfa2fd292f 100644 --- a/src/backend/access/nbtree/nbtutils.c +++ b/src/backend/access/nbtree/nbtutils.c @@ -1826,7 +1826,7 @@ _bt_advance_array_keys(IndexScanDesc scan, BTReadPageState *pstate, /* Recheck _bt_check_compare on behalf of caller */ if (_bt_check_compare(scan, dir, tuple, tupnatts, tupdesc, false, - false, &continuescan, + !sktrig_required, &continuescan, &nsktrig) && !so->scanBehind) { @@ -2799,8 +2799,6 @@ _bt_check_compare(IndexScanDesc scan, ScanDirection dir, { BTScanOpaque so = (BTScanOpaque) scan->opaque; - Assert(!forcenonrequired || advancenonrequired); - *continuescan = true; /* default assumption */ for (; *ikey < so->numberOfKeys; (*ikey)++)
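Review bot: The recheck call in `_bt_advance_array_keys` now passes `!sktrig_required` with no comment explaining why, and nothing at the call site pins the invariant the fix depends on. Per the commit message, pstate is always NULL on sktrig_required=false calls, so the recheck must not come back with continuescan=false. I would add a comment above the call such as `/* pstate is NULL when !sktrig_required, so the recheck must not treat any key as required */`, and, if a nonrequired recheck is indeed never meant to clear continuescan, add `Assert(sktrig_required || continuescan);` after the recheck so a regression fails in assert-enabled builds instead of as a NULL dereference of pstate. The second hunk removes `Assert(!forcenonrequired || advancenonrequired)` from `_bt_check_compare`, which suggests the changed argument is forcenonrequired; that function's header comment is outside the hunk and may need to say that forcenonrequired without advancenonrequired is now a valid combination. The continuescan=false handling and the rest of `_bt_advance_array_keys` are also outside the hunk, so the Assert placement should be checked against that code.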