Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wMLgS-002TCS-29 for pgsql-hackers@arkaria.postgresql.org; Mon, 11 May 2026 08:08:12 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wMLgR-0004cr-0k for pgsql-hackers@arkaria.postgresql.org; Mon, 11 May 2026 08:08:11 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wMLgQ-0004ch-34 for pgsql-hackers@lists.postgresql.org; Mon, 11 May 2026 08:08:11 +0000 Received: from mail-pf1-x42e.google.com ([2607:f8b0:4864:20::42e]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wMLgO-00000001GMv-2eFU for pgsql-hackers@lists.postgresql.org; Mon, 11 May 2026 08:08:10 +0000 Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-836ebdeb969so1788297b3a.3 for ; Mon, 11 May 2026 01:08:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778486886; x=1779091686; darn=lists.postgresql.org; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:from:to:cc:subject:date:message-id:reply-to; bh=ACYHhPbq1dULA/mSUeuM1cLUe0ID5raTozst0qJzj5s=; b=ICHQQ4zTmc8YVKRwDh1UEC6yihW5rGE+KhkA2MWn5PdyEqpXhlUmbjKMwUCtP2qhzT lN5Ed4Nc4TIYsVO02pgud2FEswzZjkC52ouGcn8eYmiX26c7FNQApHsQKBtYVHnT+eo+ LTMwgfblsQWVmR/p68v4tRoyqEV0nLYTuXHMV6iTWudt/T3p5xCplDVvV/SSpnuUC1AM F9uE/LG8STdWBYdlWEDz/zAsrJq82GDfwj7KXjQtcYUmfw9NMc86RYk2mH/yi8mEzeQD 47bvlTabOvsrA6rAvpmP0ZhtycBaR3Y6g4bCT4koRq5nGVZRz5vqUuzxVU/yKwgc/y2+ gIGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778486886; x=1779091686; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ACYHhPbq1dULA/mSUeuM1cLUe0ID5raTozst0qJzj5s=; b=P4hUXO8IUe3a9JzkgqjoHiKQrA/aQSr/xdeqGH4+b6P5uzAV7+XAnAEUZBLT87sew+ BlMfM4/SqlDAAgtJWWifREgtuVjBKQZb02pPUOl0ATb0mivOuX8+ErCeykv7bTv6uahf xjosIw8OlT6nVfWN7KepTPi9E7UqodzqpqCM6O4wnHUPFhfCczjab2fz3f72W5emQlBA VuUCzY+kmyzwMELPuFrfLHSLW86J8kqVKseaTFqaAKUGrY5EYWc49LrI9Onf41EnqiGR GVm0FJV/Z3dQ++4g+ws1OxJdKS0FfkfUUkKJ9OrEOOAlxz+g3ty4BM6DX6tO2pXx/pP5 vkFw== X-Gm-Message-State: AOJu0YylD/WvKMFVY8jBmLbvMNbK7/3B6bPuW8P/UiPxX4wg3w7ySw7n J3nrF5bCCpJvTLgBGjR+YGfDH8sa7nQ+I7Jok0v12sh4M/nYWZy8ts7JR+VgtBuK+Ps= X-Gm-Gg: Acq92OGPEc2AacTY5C061bNoM0vGgCnTmrhinEhKKCJ0jCiAxmh3M5xjP5cNX0uDl0P GXNhJ6rvPjClgDNYNo3fNPLdTOLsdFrcmM/JnKsuJgxBpPWQmmGLD0MdWC3f1sZQxycdIqx3+0B mmy834Vi4ZCNQNZ2Jb2vlTKMBK/ZKqM3NJlUiP4tTgKUy1iwsKn95s1VbGQcrZ4+ZB/7oOEXOok 704Hce7dr6c0ZpCrM1NVifqHQ0WShD2A51rcPxgIupkXDD9H2vRkNJtMF9+HBHBbTjsOj8y3Te9 b/e99nElPX32u52ep0GxbD2aGkUoZpaXk3+TVTvjRjg69fBvfKYYjQUaKjuDii8HBFT1b/WCYtZ hAucTf+v5Nql9JaheQzVW+CYjBbFncSTnz2YtjqY1E3RGzkhw9lP76t+o+m3p8bkoSg7QBlacMa ZhPccyVKScZtaNg+6PxCHW1YhpDtkfyXoz X-Received: by 2002:a05:6a00:12e4:b0:82c:f035:6748 with SMTP id d2e1a72fcca58-83a5dd560e6mr22082551b3a.42.1778486885439; Mon, 11 May 2026 01:08:05 -0700 (PDT) Received: from smtpclient.apple ([185.135.79.161]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-83967dbcf36sm23729249b3a.41.2026.05.11.01.08.03 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 May 2026 01:08:04 -0700 (PDT) From: Chao Li Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\)) Subject: Fix unsafe PlannedStmt access in pg_stat_statements Message-Id: <2F91906A-F2B5-4A6B-9695-D136957D4545@gmail.com> Date: Mon, 11 May 2026 16:07:29 +0800 To: PostgreSQL Hackers X-Mailer: Apple Mail (2.3864.400.21) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi, I spotted this small issue while working on [1]. In pgss_ProcessUtility(), there is this comment: ``` /* * CAUTION: do not access the *pstmt data structure = again below here. * If it was a ROLLBACK or similar, that data structure = may have been * freed. We must copy everything we still need into = local variables, * which we did above. * * For the same reason, we can't risk restoring = pstmt->queryId to its * former value, which'd otherwise be a good idea. */ ``` However, commit 3357471cf9f5e470dfed0c7919bcf31c7efaf2b9 added a new = access to pstmt after that point: ``` pgss_store(queryString, saved_queryId, saved_stmt_location, saved_stmt_len, PGSS_EXEC, INSTR_TIME_GET_MILLISEC(duration), rows, &bufusage, &walusage, NULL, NULL, 0, 0, pstmt->planOrigin); ``` The attached patch fixes this by saving pstmt->planOrigin, following the = same pattern already used for queryId, stmt_location, and stmt_len. [1] = https://www.postgresql.org/message-id/8ED8C22D-54CD-4EC4-B53C-D39F935FA83D= %40gmail.com Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/