AddressSanitizer: stack-use-after-scope on distributed_planner:HasUnresolvedExternParamsWalker (#7948)

Var externParamPlaceholder is created on stack, and its address is used for paramFetch. Postgres code return address of externParamPlaceholder var to externParam, then code flow go out of scope and dereference pointer on stack out of scope. Fixes https://github.com/citusdata/citus/issues/7941. --------- Co-authored-by: Onur Tirtir <onurcantirtir@gmail.com>
2025-04-04 16:27:56 +03:00 · 2025-04-04 16:27:56 +03:00 · 0e6127c4f6
parent f084b79a4b
commit 0e6127c4f6
1 changed files with 4 additions and 5 deletions
--- a/src/backend/distributed/planner/distributed_planner.c
+++ b/src/backend/distributed/planner/distributed_planner.c
@ -2549,21 +2549,20 @@ HasUnresolvedExternParamsWalker(Node *expression, ParamListInfo boundParams)
 		/* check whether parameter is available (and valid) */
 		if (boundParams && paramId > 0 && paramId <= boundParams->numParams)
 		{
-			ParamExternData *externParam = NULL;
+			Oid paramType = InvalidOid;

 			/* give hook a chance in case parameter is dynamic */
 			if (boundParams->paramFetch != NULL)
 			{
 				ParamExternData externParamPlaceholder;
-				externParam = (*boundParams->paramFetch)(boundParams, paramId, false,
-														 &externParamPlaceholder);
+				paramType = (*boundParams->paramFetch)(boundParams, paramId, false,
+													   &externParamPlaceholder)->ptype;
 			}
 			else
 			{
-				externParam = &boundParams->params[paramId - 1];
+				paramType = boundParams->params[paramId - 1].ptype;
 			}

-			Oid paramType = externParam->ptype;
 			if (OidIsValid(paramType))
 			{
 				return false;