Date: Tue, 12 May 2026 11:00:16 +0200
From: Andres Freund
To: pgsql-hackers@lists.postgresql.org, Michael Paquier, Chao Li
CC: PostgreSQL Hackers
Subject: Re: Fix unsafe PlannedStmt access in pg_stat_statements

Hi,

On May 12, 2026 5:30:53 AM GMT+02:00, Michael Paquier wrote:
>On Mon, May 11, 2026 at 04:11:41PM +0800, Chao Li wrote:
>> On May 11, 2026, at 16:07, Chao Li wrote:
>>> In pgss_ProcessUtility(), there is this comment:
>>> ```
>>> /*
>>>  * CAUTION: do not access the *pstmt data structure again below here.
>>>  * If it was a ROLLBACK or similar, that data structure may have been
>>>  * freed. We must copy everything we still need into local variables,
>>>  * which we did above.
>>>  *
>>>  * For the same reason, we can't risk restoring pstmt->queryId to its
>>>  * former value, which'd otherwise be a good idea.
>>>  */
>>> ```
>>>
>>> The attached patch fixes this by saving pstmt->planOrigin,
>>> following the same pattern already used for queryId, stmt_location,
>>> and stmt_len.
>
>Yeah, you are right. This code should save the planOrigin but it does
>not do so.

Seems like the code should make this clearer, by simply unsetting pstmt at the point it becomes unsafe to use?

Andres
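
The pattern discussed in this thread (copy the needed fields into locals, then clear the pointer once the structure may have been freed), as an added example that is not part of the original message and is not PostgreSQL's code. All `Mock*`/`mock_*` names and the sample field values are hypothetical; only the field names come from the thread.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for PlannedStmt: only the fields named in the thread. */
typedef struct MockPlannedStmt {
    int64_t queryId;
    int     stmt_location;
    int     stmt_len;
    int     planOrigin;
} MockPlannedStmt;

/* Values the hook records after execution (stand-in for a stats entry). */
typedef MockPlannedStmt MockStatsEntry;

/* Build a heap-allocated statement with constructed sample values. */
MockPlannedStmt *mock_make_stmt(void)
{
    MockPlannedStmt *p = malloc(sizeof *p);
    if (p == NULL)
        abort();
    *p = (MockPlannedStmt){ .queryId = 42, .stmt_location = 7,
                            .stmt_len = 8, .planOrigin = 2 };
    return p;
}

/* Stand-in for utility execution: like ROLLBACK, it may free the statement. */
static void mock_execute_utility(MockPlannedStmt *pstmt, int frees_stmt)
{
    if (frees_stmt)
        free(pstmt);
}

/* Hook pattern: snapshot, execute, drop the pointer, use only the snapshot. */
MockStatsEntry mock_process_utility(MockPlannedStmt *pstmt, int frees_stmt)
{
    /* Copy everything needed later while *pstmt is still valid. */
    int64_t saved_queryId    = pstmt->queryId;
    int     saved_location   = pstmt->stmt_location;
    int     saved_len        = pstmt->stmt_len;
    int     saved_planOrigin = pstmt->planOrigin;

    mock_execute_utility(pstmt, frees_stmt);

    /* *pstmt may be gone now: clear the pointer so a later dereference is a
     * deterministic NULL access instead of a silent read of freed memory. */
    pstmt = NULL;

    return (MockStatsEntry){ saved_queryId, saved_location,
                             saved_len, saved_planOrigin };
}
```
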