From: Peter Geoghegan Date: Wed, 29 Apr 2026 15:22:23 +0000 (-0400) Subject: Fix nbtree skip array parallel alloc accounting. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=748d871b7cb08302ef312b665bd64012f19fc16c;p=thirdparty%2Fpostgresql.git Fix nbtree skip array parallel alloc accounting. btestimateparallelscan neglected to add btps_arrElems[] space overhead for skip array scan keys that were later output by nbtree preprocessing. Skip arrays don't actually need to use this space, but a scan with a subsequent SAOP array will need to subscript btps_arrElems[] using a simple so->arrayKeys[]-wise offset. so->arrayKeys[] has entries for both kinds of arrays. As a result of this oversight, it was possible for an index scan with a skip array and a lower-order SAOP array to write past the allocated shared memory boundary when storing the SAOP array's cur_elem. In practice the problem seems to be limited to scans with many skipped index columns, since our general approach to estimating the amount of shared memory that will be required is fairly conservative. To fix, have btestimateparallelscan request an extra sizeof(int) space for key columns that might require a skip array later on. Oversight in commit 92fe23d9, which added the nbtree skip scan optimization. Author: Siddharth Kothari Discussion: https://postgr.es/m/CAGCUe0Lwk3C0qdkBa+OLpYc7yXwW=pbaz8Sju4xMXEQAmyp+5g@mail.gmail.com Backpatch-through: 18 --- diff --git a/src/backend/access/nbtree/nbtree.c b/src/backend/access/nbtree/nbtree.c index 6d870e4ebe7..3df2c752ead 100644 --- a/src/backend/access/nbtree/nbtree.c +++ b/src/backend/access/nbtree/nbtree.c @@ -604,8 +604,11 @@ btestimateparallelscan(Relation rel, int nkeys, int norderbys) * also require a skip array. * * Every skip array must have space to store its scan key's sk_flags. + * We also need space for each skip array's unused btps_arrElems slot + * (we need to be able to subscript btps_arrElems using a simple + * so->arrayKeys[]-wise offset for any subsequent SAOP arrays). */ - estnbtreeshared = add_size(estnbtreeshared, sizeof(int)); + estnbtreeshared = add_size(estnbtreeshared, sizeof(int) * 2); /* Consider space required to store a datum of opclass input type */ attr = TupleDescCompactAttr(rel->rd_att, attnum - 1);