Fix use-after-free in ri_LoadConstraintInfo

conindid was read from conForm after ReleaseSysCache(tup).  Move
the read to before the release.

Introduced by commit 2da86c1ef9b5.

Per buildfarm member prion.

Discussion: https://postgr.es/m/CA+HiwqGGYjN6F2oL7yAk=hvSs-sj3TPqZ9JC9iyLkCqJadECrw@mail.gmail.com

diff --git a/src/backend/utils/adt/ri_triggers.c b/src/backend/utils/adt/ri_triggers.c
index da7640a80050d70f2c583e1f8b4d49dd02fc2df0..ffaa0e749cb119bd9e22236eecf068ebd73c804c 100644 (file)
--- a/src/backend/utils/adt/ri_triggers.c
+++ b/src/backend/utils/adt/ri_triggers.c
@@ -2396,6 +2396,11 @@ ri_LoadConstraintInfo(Oid constraintOid)
                                                  &riinfo->period_intersect_oper);
        }
 
+       /* Metadata used by fast path. */
+       riinfo->conindid = conForm->conindid;
+       riinfo->pk_is_partitioned =
+               (get_rel_relkind(riinfo->pk_relid) == RELKIND_PARTITIONED_TABLE);
+
        ReleaseSysCache(tup);
 
        /*
@@ -2406,10 +2411,6 @@ ri_LoadConstraintInfo(Oid constraintOid)
 
        riinfo->valid = true;
 
-       riinfo->conindid = conForm->conindid;
-       riinfo->pk_is_partitioned =
-               (get_rel_relkind(riinfo->pk_relid) == RELKIND_PARTITIONED_TABLE);
-
        riinfo->fpmeta = NULL;
 
        return riinfo;