From c6fe217c29778d3792dd87e2437b35547be2300f Mon Sep 17 00:00:00 2001
From: Peter Geoghegan <pg@bowt.ie>
Date: Mon, 25 Oct 2021 13:28:19 -0700
Subject: [PATCH v1 1/2] Harden nbtinsert.c posting split code.

---
 src/backend/access/nbtree/nbtinsert.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/backend/access/nbtree/nbtinsert.c b/src/backend/access/nbtree/nbtinsert.c
index 7355e1dba..c7d69df5c 100644
--- a/src/backend/access/nbtree/nbtinsert.c
+++ b/src/backend/access/nbtree/nbtinsert.c
@@ -946,6 +946,7 @@ _bt_findinsertloc(Relation rel,
 				/* Perform simple deletion */
 				_bt_delete_or_dedup_one_page(rel, heapRel, insertstate, true,
 											 false, false, false);
+				insertstate->bounds_valid = false;	/* Be careful */
 
 				if (PageGetFreeSpace(page) >= insertstate->itemsz)
 					break;		/* OK, now we have enough space */
@@ -987,7 +988,7 @@ _bt_findinsertloc(Relation rel,
 
 	newitemoff = _bt_binsrch_insert(rel, insertstate);
 
-	if (insertstate->postingoff == -1)
+	if (unlikely(insertstate->postingoff == -1))
 	{
 		/*
 		 * There is an overlapping posting list tuple with its LP_DEAD bit
@@ -1000,12 +1001,20 @@ _bt_findinsertloc(Relation rel,
 
 		/*
 		 * Do new binary search.  New insert location cannot overlap with any
-		 * posting list now.
+		 * posting list now.  But be careful.
 		 */
 		Assert(!insertstate->bounds_valid);
+		insertstate->bounds_valid = false;	/* Be careful */
 		insertstate->postingoff = 0;
 		newitemoff = _bt_binsrch_insert(rel, insertstate);
-		Assert(insertstate->postingoff == 0);
+
+		if (insertstate->postingoff != 0)
+			ereport(ERROR,
+					(errcode(ERRCODE_INDEX_CORRUPTED),
+					 errmsg_internal("found spurious list offset %d in tuple (%u,%u) of index \"%s\"",
+									 insertstate->postingoff,
+									 BufferGetBlockNumber(insertstate->buf), newitemoff,
+									 RelationGetRelationName(rel))));
 	}
 
 	return newitemoff;
@@ -1067,6 +1076,7 @@ _bt_stepright(Relation rel, BTInsertState insertstate, BTStack stack)
 	_bt_relbuf(rel, insertstate->buf);
 	insertstate->buf = rbuf;
 	insertstate->bounds_valid = false;
+	insertstate->postingoff = 0;	/* Be careful */
 }
 
 /*----------
-- 
2.30.2