sql/opt: fix RLS metadata clearing

spilchen · spilchen · commit dc5414dd2e7b · 2025-10-16T15:41:38.000-03:00
This commit addresses two issues in the handling of RLS metadata in the sql/opt package: - The RLS metadata was not being properly cleared after calling the Clear() function. This function is only used in test. - Emitting RLS information during explain could theoretically result in a nil pointer dereference. While this path cannot be reached with a nil pointer under current conditions, the code was caught by an LLM. This change adds a defensive safeguard. Closes #153192 Release note: none Epic: none
diff --git a/pkg/sql/opt/exec/explain/emit.go b/pkg/sql/opt/exec/explain/emit.go
@@ -1509,14 +1509,16 @@ func (e *emitter) emitPolicies(ob *OutputBuilder, table cat.Table, n *Node) {
 		ob.AddField("policies", "row-level security enabled, no policies applied.")
 	} else {
 		var sb strings.Builder
-		policies := table.Policies()
-		for _, grp := range [][]cat.Policy{policies.Permissive, policies.Restrictive} {
-			for _, policy := range grp {
-				if applied.Policies.Contains(policy.ID) {
-					if sb.Len() > 0 {
-						sb.WriteString(", ")
+		if table != nil {
+			policies := table.Policies()
+			for _, grp := range [][]cat.Policy{policies.Permissive, policies.Restrictive} {
+				for _, policy := range grp {
+					if applied.Policies.Contains(policy.ID) {
+						if sb.Len() > 0 {
+							sb.WriteString(", ")
+						}
+						sb.WriteString(policy.Name.Normalize())
 					}
-					sb.WriteString(policy.Name.Normalize())
 				}
 			}
 		}
diff --git a/pkg/sql/opt/memo/memo_test.go b/pkg/sql/opt/memo/memo_test.go
@@ -672,7 +672,12 @@ func TestMemoIsStale(t *testing.T) {
 	stale()
 	evalCtx.SessionData().UserProto = oldUser
 	notStale()
+
+	// User changes (after RLS was reinitialized)
 	o.Memo().Metadata().ClearRLSEnabled()
+	evalCtx.SessionData().UserProto = newUser
+	notStale()
+	evalCtx.SessionData().UserProto = oldUser
 	notStale()
 
 	// Stale row_security.
diff --git a/pkg/sql/opt/row_level_security.go b/pkg/sql/opt/row_level_security.go
@@ -48,7 +48,10 @@ func (r *RowLevelSecurityMeta) MaybeInit(user username.SQLUsername, hasAdminRole
 
 // Clear unsets the initialized property. This is used as a test helper.
 func (r *RowLevelSecurityMeta) Clear() {
-	r = &RowLevelSecurityMeta{}
+	if r == nil {
+		return
+	}
+	*r = RowLevelSecurityMeta{}
 }
 
 // AddTableUse indicates that an RLS-enabled table was encountered while

Original file line number	Diff line number	Diff line change
`@@ -1509,14 +1509,16 @@ func (e emitter) emitPolicies(ob OutputBuilder, table cat.Table, n *Node) {`
`1509`	`1509`	`ob.AddField("policies", "row-level security enabled, no policies applied.")`
`1510`	`1510`	`} else {`
`1511`	`1511`	`var sb strings.Builder`
`1512`		`- policies := table.Policies()`
`1513`		`- for _, grp := range [][]cat.Policy{policies.Permissive, policies.Restrictive} {`
`1514`		`- for _, policy := range grp {`
`1515`		`- if applied.Policies.Contains(policy.ID) {`
`1516`		`- if sb.Len() > 0 {`
`1517`		`- sb.WriteString(", ")`
	`1512`	`+ if table != nil {`
	`1513`	`+ policies := table.Policies()`
	`1514`	`+ for _, grp := range [][]cat.Policy{policies.Permissive, policies.Restrictive} {`
	`1515`	`+ for _, policy := range grp {`
	`1516`	`+ if applied.Policies.Contains(policy.ID) {`
	`1517`	`+ if sb.Len() > 0 {`
	`1518`	`+ sb.WriteString(", ")`
	`1519`	`+ }`
	`1520`	`+ sb.WriteString(policy.Name.Normalize())`
`1518`	`1521`	`}`
`1519`		`- sb.WriteString(policy.Name.Normalize())`
`1520`	`1522`	`}`
`1521`	`1523`	`}`
`1522`	`1524`	`}`