fix: avoid using uninitialized memory

buriedpot · buriedpot · commit d3b2caa9ed83 · 2026-03-17T15:06:32.000+08:00
During a RUM index scan, if a concurrent VACUUM completes and removes
all items from a posting tree leaf page, entry-&gt;nlist can become zero.
In this case, entry-&gt;curItem may point to uninitialized memory, leading
to a crash. The commit fixes this bug.
diff --git a/src/rumget.c b/src/rumget.c
@@ -498,6 +498,9 @@ setListPositionScanEntry(RumState * rumstate, RumScanEntry entry)
 	OffsetNumber	StopLow	= entry->offset,
 					StopHigh = entry->nlist;
 
+	if (entry->nlist == 0)
+		return true;
+
 	if (entry->useMarkAddInfo == false)
 	{
 		entry->offset = (ScanDirectionIsForward(entry->scanDirection)) ?

Original file line number	Diff line number	Diff line change
`@@ -498,6 +498,9 @@ setListPositionScanEntry(RumState * rumstate, RumScanEntry entry)`
`498`	`498`	`OffsetNumber StopLow = entry->offset,`
`499`	`499`	`StopHigh = entry->nlist;`
`500`	`500`
	`501`	`+ if (entry->nlist == 0)`
	`502`	`+ return true;`
	`503`	`+`
`501`	`504`	`if (entry->useMarkAddInfo == false)`
`502`	`505`	`{`
`503`	`506`	`entry->offset = (ScanDirectionIsForward(entry->scanDirection)) ?`