> On 15 Mar 2024, at 01:10, Michael Paquier <michael@paquier.xyz> wrote:
>
> On Thu, Mar 14, 2024 at 10:56:46AM +0100, Daniel Gustafsson wrote:
>> + /* don't allow destroys of read-only StringInfos */
>> + Assert(str->maxlen != 0);
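Review bot: the guard on str->maxlen != 0 is an Assert(), so it is only evaluated in assert-enabled builds; a production build skips the check and carries on with the destroy of a read-only StringInfo whose buffer belongs to the caller. Make it a runtime check that raises an error via elog() when maxlen is 0, and extend the comment to say that maxlen == 0 is what marks a StringInfo as read-only.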
>> Considering that StringInfo.c doesn't own the memory here I think it's warranted
>> to turn this assert into an elog() to avoid the risk of use-after-free bugs.
>
> Hmm. I am not sure how much protection this would offer, TBH.

I can't see how refusing to free memory owned and controlled by someone else,
and throwing an error if attempted, wouldn't be a sound defensive programming
measure.
--
Daniel Gustafsson