Fix use-after-free bug with event triggers and ALTER TABLE.

EventTriggerAlterTableEnd neglected to make sure that it built its
output list in the right context.  In simple cases this was masked
because the function is called in PortalContext which will be
sufficiently long-lived anyway; but that doesn't make it not a bug.
Commit ced138e8c fixed this in HEAD and v13, but mistakenly chose
not to back-patch further.  Back-patch the same code change all
the way (I didn't bother with the test case though, as it would
prove nothing in pre-v13 branches).

Per report from Arseny Sher.
Original fix by Jehan-Guillaume de Rorthais.

Discussion: https://postgr.es/m/877drcyprb.fsf@ars-thinkpad
Discussion: https://postgr.es/m/20200902193715.6e0269d4@firost

diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c
index 813d3d86a71bc08c11b277d86091f19ed5ec1eb3..33bceb5a170f31da8502745021809ea781a10c75 100644 (file)
--- a/src/backend/commands/event_trigger.c
+++ b/src/backend/commands/event_trigger.c
@@ -1803,9 +1803,15 @@ EventTriggerAlterTableEnd(void)
    /* If no subcommands, don't collect */
    if (list_length(currentEventTriggerState->currentCommand->d.alterTable.subcmds) != 0)
    {
+       MemoryContext oldcxt;
+
+       oldcxt = MemoryContextSwitchTo(currentEventTriggerState->cxt);
+
        currentEventTriggerState->commandList =
            lappend(currentEventTriggerState->commandList,
                    currentEventTriggerState->currentCommand);
+
+       MemoryContextSwitchTo(oldcxt);
    }
    else
        pfree(currentEventTriggerState->currentCommand);