Add missed bms_copy() in perform_pruning_combine_step

We were initializing a BMS to merely reference an existing one, which
would cause a double-free (and a crash) when the recursive algorithm
tried to intersect it with an empty one.  Fix it by creating a copy at
initialization time.

Reported-by: sqlsmith (by way of Andreas Seltenreich)
Author: Amit Langote
Discussion: https://postgr.es/m/87in923lyw.fsf@ansel.ydns.eu

diff --git a/src/backend/partitioning/partprune.c b/src/backend/partitioning/partprune.c
index 417e1fee81574c4a8ff92800eedc44f29226d90b..7666c6c412dba5a70173ed8a8d7ff146bf6a4d9d 100644 (file)
--- a/src/backend/partitioning/partprune.c
+++ b/src/backend/partitioning/partprune.c
@@ -2923,7 +2923,8 @@ perform_pruning_combine_step(PartitionPruneContext *context,
                                if (firststep)
                                {
                                        /* Copy step's result the first time. */
-                                       result->bound_offsets = step_result->bound_offsets;
+                                       result->bound_offsets =
+                                               bms_copy(step_result->bound_offsets);
                                        result->scan_null = step_result->scan_null;
                                        result->scan_default = step_result->scan_default;
                                        firststep = false;