Hello. There is an unfortunate story on this issue.
At Wed, 8 May 2019 14:56:25 -0400, Andrew Dunstan <andrew.dunstan@2ndquadrant.com> wrote in
<7969b496-096a-bf9b-2a03-4706baa4c48e@2ndQuadrant.com>
>
> On 5/8/19 12:41 PM, Greg Stark wrote:
> > Don't we have a build farm animal that runs under valgrind that would
> > have caught this?
> >
> >
>
> There are two animals running under valgrind: lousyjack and skink.
Valgrind doesn't detect the overruning read since the block
doesn't has 'MEMNOACCESS' region, since the requested size is
just 64 bytes.
Thus the attached patch let valgrind detect the overrun.
==00:00:00:22.959 20254== VALGRINDERROR-BEGIN
==00:00:00:22.959 20254== Conditional jump or move depends on uninitialised value(s)
==00:00:00:22.959 20254== at 0x88A838: ExecInterpExpr (execExprInterp.c:1553)
==00:00:00:22.959 20254== by 0x88AFD5: ExecInterpExprStillValid (execExprInterp.c:1769)
==00:00:00:22.959 20254== by 0x8C3503: ExecEvalExprSwitchContext (executor.h:307)
==00:00:00:22.959 20254== by 0x8C4653: advance_aggregates (nodeAgg.c:679)
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
diff --git a/src/backend/executor/nodeAgg.c b/src/backend/executor/nodeAgg.c
index d01fc4f52e..7c6eab6d94 100644
--- a/src/backend/executor/nodeAgg.c
+++ b/src/backend/executor/nodeAgg.c
@@ -2935,7 +2935,7 @@ build_pertrans_for_aggref(AggStatePerTrans pertrans,
fmgr_info_set_expr((Node *) combinefnexpr, &pertrans->transfn);
pertrans->transfn_fcinfo =
- (FunctionCallInfo) palloc(SizeForFunctionCallInfo(2));
+ (FunctionCallInfo) palloc(SizeForFunctionCallInfo(2) + 1);
InitFunctionCallInfoData(*pertrans->transfn_fcinfo,
&pertrans->transfn,
2,