On Thu, Aug 8, 2024 at 8:14 PM Noah Misch <n...@leadboat.com> wrote:
> On Sun, Apr 07, 2024 at 01:22:51AM +0300, Alexander Korotkov wrote:
> > I've pushed 0001 and 0002
>
> The partition MERGE (1adf16b8f) and SPLIT (87c21bb94) v17 patches introduced
> createPartitionTable() with this code:
>
>     createStmt->relation = newPartName;
>     ...
>     wrapper->utilityStmt = (Node *) createStmt;
>     ...
>     ProcessUtility(wrapper,
>     ...
>     newRel = table_openrv(newPartName, NoLock);
>
> This breaks from the CVE-2014-0062 (commit 5f17304) principle of not repeating
> name lookups. The attached demo uses this defect to make one partition have
> two parents.

Thank you for a valuable report. I will dig into it and fix that.

------
Regards,
Alexander Korotkov
Supabase
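
The hazard of repeating a name lookup, as described in the quoted report, shown as an added illustration that is not PostgreSQL code and not the attached demo. The toy catalog, the schema names `s1` and `s2`, the relation name `part_new` and every function name are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned int Oid;
typedef struct { Oid oid; const char *schema, *name; } Rel;

/* Toy catalog, constructed for this example; not PostgreSQL's data structures. */
static Rel catalog[8];
static int nrels;
static const char *const search_path[] = { "s1", "s2" };

static Oid toy_create(const char *schema, const char *name)
{
    Rel r = { 16384u + (Oid) nrels, schema, name };
    catalog[nrels++] = r;
    return r.oid;
}

/* Name lookup: the first schema on the search path holding the name wins. */
static Oid toy_lookup(const char *name)
{
    for (int s = 0; s < 2; s++)
        for (int i = 0; i < nrels; i++)
            if (!strcmp(catalog[i].schema, search_path[s]) &&
                !strcmp(catalog[i].name, name))
                return catalog[i].oid;
    return 0;
}

/* Create a relation, let another session act, then open the "new" relation.
 * reuse_oid == 0: resolve the name a second time (the pattern in the report).
 * reuse_oid == 1: keep the OID from creation and never resolve the name again.
 * Returns 1 when the relation opened is the one this call created. */
static int opened_own_relation(int reuse_oid)
{
    nrels = 0;
    Oid created = toy_create("s2", "part_new");
    toy_create("s1", "part_new");   /* stand-in for concurrent DDL by another session */
    Oid opened = reuse_oid ? created : toy_lookup("part_new");
    return opened == created;
}

int main(void)
{
    printf("second name lookup:  own relation opened = %d\n", opened_own_relation(0));
    printf("OID carried forward: own relation opened = %d\n", opened_own_relation(1));
    return 0;
}
```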