On 2023-Jul-11, Jeevan Chalke wrote: > 4. However, 2nd path was already sorted and passed as is to the add_path(). > 5. add_path() decides to reject this new path on some metrics. However, in > the end, it pfree() this passed in path. It seems wrong as its references > do present elsewhere. For example, in the first path's parent rels path > list. > 6. So, while displaying the parent's path, we end up with these warnings.
In other words, this is use-after-free, with add_path freeing the passed-in Path pointer, but one particular case in which this Path is still used afterwards. > I tried to get a fix for this but no luck so far. I proposed to add an add_path_extended() function that adds 'bool free_input_path' argument, and pass it false in that one place in create_ordered_paths. -- Álvaro Herrera 48°01'N 7°57'E — https://www.EnterpriseDB.com/
