On Wed, Nov 15, 2023 at 8:04 AM Andres Freund <and...@anarazel.de> wrote:
>
> On 2023-11-14 14:42:13 +0200, Alexander Korotkov wrote:
> > It's possibly a dumb option, but what about just removing the assert?
>
> That's not at all an option - the in-place bms_* functions can free their
> input. So a dangling pointer to the "old" version is a use-after-free waiting
> to happen - you just need a query that actually gets to bitmapsets that are a
> bit larger.

Yeah, now I got it, thank you. I was under the wrong impression that bitmapset has a level of indirection, so the pointer remains valid. Now, I see that bitmapset manipulation functions can do free/repalloc, making the previous bitmapset pointer invalid.

------
Regards,
Alexander Korotkov
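
The hazard discussed in this thread, as an added example that is not part of the original messages and is not PostgreSQL code: a toy set type (all `toy_*` names are hypothetical) whose in-place add frees its input when the set grows. It shows why a saved alias dangles only for larger sets, and the copy-before-sharing pattern that avoids it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy set (hypothetical, not PostgreSQL's Bitmapset): header and words share
 * one allocation, so there is no level of indirection behind the pointer. */
typedef struct ToySet { int nwords; uint64_t words[]; } ToySet;

static ToySet *toy_alloc(int nwords) {
    ToySet *s = calloc(1, sizeof(ToySet) + (size_t)nwords * sizeof(uint64_t));
    if (s == NULL) abort();
    s->nwords = nwords;
    return s;
}

/* In-place add: when the set must grow, the input block is freed. */
static ToySet *toy_add_member(ToySet *a, int x) {
    int wordnum = x / 64;
    if (wordnum >= a->nwords) {
        ToySet *n = toy_alloc(wordnum + 1);
        memcpy(n->words, a->words, (size_t)a->nwords * sizeof(uint64_t));
        free(a);                 /* any other pointer to 'a' now dangles */
        a = n;
    }
    a->words[wordnum] |= UINT64_C(1) << (x % 64);
    return a;
}
static int toy_is_member(const ToySet *a, int x) {
    return x / 64 < a->nwords && ((a->words[x / 64] >> (x % 64)) & 1);
}
/* Private copy for a second owner, so neither owner can free the other's set. */
static ToySet *toy_copy(const ToySet *a) {
    ToySet *n = toy_alloc(a->nwords);
    return memcpy(n, a, sizeof(ToySet) + (size_t)a->nwords * sizeof(uint64_t));
}

/* Returns 1 if adding x relocated the set, i.e. a saved alias would now dangle. */
static int toy_add_reports_move(ToySet **owner, int x) {
    uintptr_t before = (uintptr_t)*owner;  /* kept as an integer, never dereferenced */
    *owner = toy_add_member(*owner, x);
    return (uintptr_t)*owner != before;
}

int main(void) {
    ToySet *a = toy_add_member(toy_alloc(1), 3), *b = toy_copy(a);
    int small = toy_add_reports_move(&a, 5), large = toy_add_reports_move(&a, 200);
    printf("moved: small=%d large=%d, copy has 3: %d\n", small, large, toy_is_member(b, 3));
    free(a); free(b);
    return 0;
}
```

Adding a small member leaves the block in place, which is why code holding a stale alias can appear to work until a query produces a larger set.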