> On 15 Mar 2024, at 01:10, Michael Paquier <mich...@paquier.xyz> wrote:
>
> On Thu, Mar 14, 2024 at 10:56:46AM +0100, Daniel Gustafsson wrote:
>> + /* don't allow destroys of read-only StringInfos */
>> + Assert(str->maxlen != 0);
>> Considering that StringInfo.c doesn't own the memory here I think it's
>> warranted to turn this assert into an elog() to avoid the risk of
>> use-after-free bugs.
>
> Hmm. I am not sure how much protection this would offer, TBH.

I can't see how refusing to free memory owned and controlled by someone else,
and throwing an error if attempted, wouldn't be a sound defensive programming
measure.

--
Daniel Gustafsson
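
Review bot: the `Assert(str->maxlen != 0)` line is the only guard behind the "don't allow destroys of read-only StringInfos" comment, and Assert() is compiled out of PostgreSQL builds without assertion checking, so in such builds a read-only StringInfo (maxlen == 0) is not stopped here. If the restriction is meant to hold in every build, make it a runtime check that raises an error through elog(), as proposed in this thread; if a debug-only check is intended, say so in the comment.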