From 905e932f0922a837bb3e4e482089c7c2e98bea67 Mon Sep 17 00:00:00 2001 From: Amit Langote Date: Thu, 16 Oct 2025 14:01:44 +0900 Subject: Fix EPQ crash from missing partition directory in EState EvalPlanQualStart() failed to propagate es_partition_directory into the child EState used for EPQ rechecks. When execution time partition pruning ran during the EPQ scan, executor code dereferenced a NULL partition directory and crashed. Previously, propagating es_partition_directory into the EPQ EState was unnecessary because CreatePartitionPruneState(), which sets it on demand, also initialized the exec-pruning context. After commit d47cbf474, CreatePartitionPruneState() now initializes only the init- time pruning context, leaving exec-pruning context initialization to ExecInitNode(). Since EvalPlanQualStart() runs only ExecInitNode() and not CreatePartitionPruneState(), it can encounter a NULL es_partition_directory. Other executor fields initialized during CreatePartitionPruneState() are already copied into the child EState thanks to commit 8741e48e5d, but es_partition_directory was missed. Fix by borrowing the parent estate's es_partition_directory in EvalPlanQualStart(), and by clearing that field in EvalPlanQualEnd() so the parent remains responsible for freeing the directory. Add an isolation test permutation that triggers EPQ with execution- time partition pruning, the case that reproduces this crash. Bug: #19078 Reported-by: Yuri Zamyatin Diagnosed-by: David Rowley Author: David Rowley Co-authored-by: Amit Langote Discussion: https://postgr.es/m/19078-dfd62f840a2c0766@postgresql.org Backpatch-through: 18 --- src/backend/executor/execMain.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/backend/executor') diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index 831c55ce787..713e926329c 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -3093,6 +3093,9 @@ EvalPlanQualStart(EPQState *epqstate, Plan *planTree) rcestate->es_part_prune_states = parentestate->es_part_prune_states; rcestate->es_part_prune_results = parentestate->es_part_prune_results; + /* We'll also borrow the es_partition_directory from the parent state */ + rcestate->es_partition_directory = parentestate->es_partition_directory; + /* * Initialize private state information for each SubPlan. We must do this * before running ExecInitNode on the main query tree, since @@ -3210,6 +3213,13 @@ EvalPlanQualEnd(EPQState *epqstate) MemoryContextSwitchTo(oldcontext); + /* + * NULLify the partition directory before freeing the executor state. + * Since EvalPlanQualStart() just borrowed the parent EState's directory, + * we'd better leave it up to the parent to delete it. + */ + estate->es_partition_directory = NULL; + FreeExecutorState(estate); /* Mark EPQState idle */ -- cgit v1.2.3