Fix unsafe memory management in CloneRowTriggersToPartition().

It's not really supported to call systable_getnext() in a different
memory context than systable_beginscan() was called in, and it's
*definitely* not safe to do so and then reset that context between
calls.  I'm not very clear on how this code survived
CLOBBER_CACHE_ALWAYS testing ... but Alexander Lakhin found a case
that would crash it pretty reliably.

Per bug #15828.  Fix, and backpatch to v11 where this code came in.

Discussion: https://postgr.es/m/15828-f6ddd7df4852f473@postgresql.org

diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index e34d4ccc148071ef66e68a36eded7c110f02960d..95af5ec2dc709e05297eb2832d5f4e65dcc7255b 100644 (file)
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -15772,8 +15772,7 @@ CloneRowTriggersToPartition(Relation parent, Relation partition)
    ScanKeyData key;
    SysScanDesc scan;
    HeapTuple   tuple;
-   MemoryContext oldcxt,
-               perTupCxt;
+   MemoryContext perTupCxt;
 
    ScanKeyInit(&key, Anum_pg_trigger_tgrelid, BTEqualStrategyNumber,
                F_OIDEQ, ObjectIdGetDatum(RelationGetRelid(parent)));
@@ -15783,18 +15782,16 @@ CloneRowTriggersToPartition(Relation parent, Relation partition)
 
    perTupCxt = AllocSetContextCreate(CurrentMemoryContext,
                                      "clone trig", ALLOCSET_SMALL_SIZES);
-   oldcxt = MemoryContextSwitchTo(perTupCxt);
 
    while (HeapTupleIsValid(tuple = systable_getnext(scan)))
    {
-       Form_pg_trigger trigForm;
+       Form_pg_trigger trigForm = (Form_pg_trigger) GETSTRUCT(tuple);
        CreateTrigStmt *trigStmt;
        Node       *qual = NULL;
        Datum       value;
        bool        isnull;
        List       *cols = NIL;
-
-       trigForm = (Form_pg_trigger) GETSTRUCT(tuple);
+       MemoryContext oldcxt;
 
        /*
         * Ignore statement-level triggers; those are not cloned.
@@ -15813,6 +15810,9 @@ CloneRowTriggersToPartition(Relation parent, Relation partition)
            elog(ERROR, "unexpected trigger \"%s\" found",
                 NameStr(trigForm->tgname));
 
+       /* Use short-lived context for CREATE TRIGGER */
+       oldcxt = MemoryContextSwitchTo(perTupCxt);
+
        /*
         * If there is a WHEN clause, generate a 'cooked' version of it that's
         * appropriate for the partition.
@@ -15876,10 +15876,10 @@ CloneRowTriggersToPartition(Relation parent, Relation partition)
                      trigForm->tgfoid, trigForm->oid, qual,
                      false, true);
 
+       MemoryContextSwitchTo(oldcxt);
        MemoryContextReset(perTupCxt);
    }
 
-   MemoryContextSwitchTo(oldcxt);
    MemoryContextDelete(perTupCxt);
 
    systable_endscan(scan);