From 803ef0ed49eec57990053da1091f9e3b5a7fb839 Mon Sep 17 00:00:00 2001
From: Robert Haas
Date: Thu, 25 Sep 2025 11:43:52 -0400
Subject: Fix array allocation bugs in SetExplainExtensionState.

If we already have an extension_state array but see a new extension_id much larger than the highest the extension_id we've previously seen, the old code might have failed to expand the array to a large enough size, leading to disaster. Also, if we don't have an extension array at all and need to create one, we should make sure that it's big enough that we don't have to resize it instantly.

Reported-by: Tom Lane
Reviewed-by: Tom Lane
Discussion: http://postgr.es/m/2949591.1758570711@sss.pgh.pa.us
Backpatch-through: 18
---
src/backend/commands/explain_state.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/backend/commands/explain_state.c')

diff --git a/src/backend/commands/explain_state.c b/src/backend/commands/explain_state.c
index 60d98d63a62..9fdeeab6436 100644
--- a/src/backend/commands/explain_state.c
+++ b/src/backend/commands/explain_state.c
@@ -281,7 +281,8 @@ SetExplainExtensionState(ExplainState *es, int extension_id, void *opaque)
 /* If there is no array yet, create one. */
 if (es->extension_state == NULL)
 {
- es->extension_state_allocated = 16;
+ es->extension_state_allocated =
+ Max(16, pg_nextpower2_32(extension_id + 1));
 es->extension_state =
 palloc0(es->extension_state_allocated * sizeof(void *));
 }
@@ -291,7 +292,7 @@ SetExplainExtensionState(ExplainState *es, int extension_id, void *opaque)
 {
 int i;
 
- i = pg_nextpower2_32(es->extension_state_allocated + 1);
+ i = pg_nextpower2_32(extension_id + 1);
 es->extension_state = (void **)
 repalloc0(es->extension_state,
 es->extension_state_allocated * sizeof(void *),
-- 
cgit v1.2.3
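Review bot: The new sizing expression `Max(16, pg_nextpower2_32(extension_id + 1))` mixes a signed `int` id with a `uint32` result, and nothing visible in either hunk bounds `extension_id` from above; the same call feeds `int i` in the second hunk. For an id of 2^30 or more the helper yields 2^31, which does not fit `int i` (and presumably not `extension_state_allocated` either), so in the create path the stored count would already be wrong before the allocator gets a chance to reject the request. Registered ids are presumably small, so this is hardening rather than a live bug, but an explicit range check ahead of both sizing sites, e.g. `if (extension_id < 0 || extension_id >= PG_INT32_MAX / 2) elog(ERROR, "invalid EXPLAIN extension ID %d", extension_id);`, would make the bound that the array indexing relies on visible. The function begins and ends outside the hunks, so a check may already exist there.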
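Review bot: The expand path in the second hunk would benefit from a comment saying why the new size is derived from `extension_id` and not from the current allocation, since that distinction is the whole fix and is easy to undo in a later cleanup. Something like `/* Size from extension_id, not the old allocation: an id can lie far beyond the current array, and a single doubling would leave its slot out of bounds. */` above the `i = pg_nextpower2_32(extension_id + 1);` line would do. The enclosing `if` and the end of the `repalloc0` call are outside the hunk.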