author | Michael Paquier <michael@paquier.xyz> | 2019-05-06 21:44:39 +0900 |
---|---|---|
committer | Michael Paquier <michael@paquier.xyz> | 2019-05-06 21:44:39 +0900 |
commit | 52635c276fe352276c157ccea36d7655729d328d (patch) | |
tree | 282733055560993e348f3bd24e59fc90d3797d66 /src/backend | |
parent | 98dad4cd48e362090b30187441e8c116afb74f58 (diff) | |

Fix tuple printing in error message of tuple routing for partitions

With correctly crafted DDLs, this could lead to disclosure of arbitrary
backend memory a user may have no right to access. This impacts only
REL_11_STABLE, as the issue has been introduced by 34295b8.

On HEAD, add regression tests to cover this issue in the future.

Author: Michael Paquier
Reviewed-by: Noah Misch
Security: CVE-2019-10129

Diffstat (limited to 'src/backend')
-rw-r--r-- | src/backend/executor/execPartition.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/backend/executor/execPartition.c b/src/backend/executor/execPartition.c index 8061c7e449d..0595d6bf1d6 100644 --- a/src/backend/executor/execPartition.c +++ b/src/backend/executor/execPartition.c @@ -329,10 +329,6 @@ ExecFindPartition(ResultRelInfo *resultRelInfo, PartitionDispatch *pd, } } - /* Release the tuple in the lowest parent's dedicated slot. */ - if (myslot != slot) - ExecClearTuple(myslot); - /* A partition was not found. */ if (result < 0) { @@ -348,6 +344,10 @@ ExecFindPartition(ResultRelInfo *resultRelInfo, PartitionDispatch *pd, val_desc ? errdetail("Partition key of the failing row contains %s.", val_desc) : 0)); } + /* Release the tuple in the lowest parent's dedicated slot. */ + if (myslot != slot) + ExecClearTuple(myslot); + MemoryContextSwitchTo(oldcxt); ecxt->ecxt_scantuple = ecxt_scantuple_old; |
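
Review bot: In the first hunk (@@ -329,10), removing the `ExecClearTuple(myslot)` call from above the `/* A partition was not found. */` block leaves nothing at that spot to say the slot is deliberately still populated when `result < 0` is handled. Since the `errdetail("Partition key of the failing row contains %s.", val_desc)` text is what the commit message ties to the disclosure, a one-line comment ahead of the `if (result < 0)` block noting that `myslot` must still hold the tuple while the error detail is built would make the dependency visible to anyone touching this function later.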
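
Review bot: In the second hunk (@@ -348,6), the relocated comment `/* Release the tuple in the lowest parent's dedicated slot. */` is unchanged from its old position and does not record why the release now has to follow the error-reporting block. Suggest extending it to state that the clear must come after the "partition was not found" report, so the call is not moved back up in a later cleanup. Also worth confirming in the commit message or comment: if the `result < 0` branch does not return, `ExecClearTuple(myslot)` is now skipped on that path, so the slot's release there depends on cleanup outside the visible lines.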