Re: BUG #19484: Segmentation fault triggered by FDW

public inbox for pgsql-bugs@postgresql.org  
help / color / mirror / Atom feed

From: Etsuro Fujita <etsuro.fujita@gmail.com>
To: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
Cc: 798604270@qq.com
Cc: pgsql-bugs@lists.postgresql.org
Subject: Re: BUG #19484: Segmentation fault triggered by FDW
Date: Wed, 20 May 2026 10:46:03 -0700
Message-ID: <CAPmGK14N3wzUuPUcgnKZXt2TQT5LwSFU348fRBSusOE518DGRg@mail.gmail.com> (raw)
In-Reply-To: <CAJTYsWXY9C3B-7NZw72OKen2L2rZt=c-t6=kjTJzgj=ZaNPe8g@mail.gmail.com>
References: <19484-a3cb82c8cde3c8fa@postgresql.org>
	<CAJTYsWXY9C3B-7NZw72OKen2L2rZt=c-t6=kjTJzgj=ZaNPe8g@mail.gmail.com>

Hi,

On Wed, May 20, 2026 at 5:37 AM Ayush Tiwari
<ayushtiwari.slg01@gmail.com> wrote:
> On Wed, 20 May 2026 at 03:59, PG Bug reporting form <noreply@postgresql.org> wrote:
>> I found the following test case triggers a segmentation fault:

[snip]

> Thanks for the very precise repro, that made this easy to track down.
>
> I reproduced the crash on master.  The plan EXPLAIN under
> force_generic_plan shows runtime pruning is in effect:
>
>   Update on pt
>     Foreign Update on pt_p2 pt_2
>     ->  Append
>           Subplans Removed: 1
>           ->  Foreign Update on pt_p2 pt_2
>
> The SEGV happens inside postgresBeginForeignModify() because
> ExecInitModifyTable() builds re-indexed "kept" copies of several
> parallel per-result-relation lists after dropping pruned relations -
> withCheckOptionLists, returningLists, updateColnosLists,
> mergeActionLists and mergeJoinConditions, however two members were
> missed:
>
>   - node->fdwPrivLists, read with list_nth(node->fdwPrivLists, i) when
>     BeginForeignModify() is called, and
>   - node->fdwDirectModifyPlans, checked with bms_is_member(i, ...) when
>     setting ri_usesFdwDirectModify.
>
> Both were still indexed against the original (pre-pruning) positions
> while the surrounding loop's "i" is now the kept position.  When the
> foreign partition's kept-index no longer matched its original index,
> BeginForeignModify() got the wrong fdw_private and crashed.
>
> Attached patch builds re-indexed kept copies for these two arrays in
> the same loop as the other parallel lists, and uses them at the two
> call sites.

Thanks Chi for the report, and Ayush for the analysis and patch!  Will review.

Best regards,
Etsuro Fujita

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: pgsql-bugs@postgresql.org
  Cc: etsuro.fujita@gmail.com, ayushtiwari.slg01@gmail.com, 798604270@qq.com, pgsql-bugs@lists.postgresql.org
  Subject: Re: BUG #19484: Segmentation fault triggered by FDW
  In-Reply-To: <CAPmGK14N3wzUuPUcgnKZXt2TQT5LwSFU348fRBSusOE518DGRg@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox