diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c59be68b..7f762a96a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ accidentally triggering the load of a previous DB version.**
 * #4020 Fix ALTER TABLE EventTrigger initialization
 * #4024 Fix premature cache release call
 * #4069 Fix riinfo NULL handling in ANY construct
+* #4073 Fix buffer overflow in partition scheme
 
 **Thanks**
 * @erikhh for reporting an issue with time_bucket_gapfill
diff --git a/src/plan_expand_hypertable.c b/src/plan_expand_hypertable.c
index 2237d9364..a63a98faa 100644
--- a/src/plan_expand_hypertable.c
+++ b/src/plan_expand_hypertable.c
@@ -1134,9 +1134,9 @@ build_hypertable_partition_info(Hypertable *ht, PlannerInfo *root, RelOptInfo *h
 	part_scheme->partnatts = ht->space->num_dimensions;
 	part_scheme->strategy = PARTITION_STRATEGY_MULTIDIM;
 	hyper_rel->nparts = nparts;
-	part_scheme->partopfamily = palloc0(nparts * sizeof(Oid));
-	part_scheme->partopcintype = palloc0(nparts * sizeof(Oid));
-	part_scheme->partcollation = palloc0(nparts * sizeof(Oid));
+	part_scheme->partopfamily = palloc0(part_scheme->partnatts * sizeof(Oid));
+	part_scheme->partopcintype = palloc0(part_scheme->partnatts * sizeof(Oid));
+	part_scheme->partcollation = palloc0(part_scheme->partnatts * sizeof(Oid));
 	hyper_rel->part_scheme = part_scheme;
 	hyper_rel->partexprs = get_hypertable_partexprs(ht, root->parse, hyper_rel->relid);
 	hyper_rel->nullable_partexprs = (List **) palloc0(sizeof(List *) * part_scheme->partnatts);
diff --git a/tsl/src/fdw/data_node_scan_plan.c b/tsl/src/fdw/data_node_scan_plan.c
index 02f6277db..e26cb8220 100644
--- a/tsl/src/fdw/data_node_scan_plan.c
+++ b/tsl/src/fdw/data_node_scan_plan.c
@@ -293,7 +293,11 @@ force_group_by_push_down(PlannerInfo *root, RelOptInfo *hyper_rel)
 {
 	PartitionScheme partscheme = hyper_rel->part_scheme;
 	List *groupexprs;
+	List **nullable_partexprs;
 	int16 new_partnatts;
+	Oid *partopfamily;
+	Oid *partopcintype;
+	Oid *partcollation;
 	ListCell *lc;
 	int i = 0;
 
@@ -302,10 +306,27 @@ force_group_by_push_down(PlannerInfo *root, RelOptInfo *hyper_rel)
 	groupexprs = get_sortgrouplist_exprs(root->parse->groupClause, root->parse->targetList);
 	new_partnatts = list_length(groupexprs);
 
-	/* Only reallocate the partitioning attributes array if it is smaller than
-	 * the new size */
+	/* Only reallocate the partitioning attributes arrays if it is smaller than
+	 * the new size. palloc0 is needed to zero out the extra space. */
 	if (partscheme->partnatts < new_partnatts)
+	{
+		partopfamily = palloc0(new_partnatts * sizeof(Oid));
+		partopcintype = palloc0(new_partnatts * sizeof(Oid));
+		partcollation = palloc0(new_partnatts * sizeof(Oid));
+		nullable_partexprs = palloc0(new_partnatts * sizeof(List *));
+
+		memcpy(partopfamily, partscheme->partopfamily, new_partnatts * sizeof(Oid));
+		memcpy(partopcintype, partscheme->partopcintype, new_partnatts * sizeof(Oid));
+		memcpy(partcollation, partscheme->partcollation, new_partnatts * sizeof(Oid));
+		memcpy(nullable_partexprs, hyper_rel->nullable_partexprs, new_partnatts * sizeof(List *));
+
+		partscheme->partopfamily = partopfamily;
+		partscheme->partopcintype = partopcintype;
+		partscheme->partcollation = partcollation;
+		hyper_rel->nullable_partexprs = nullable_partexprs;
+
 		hyper_rel->partexprs = (List **) palloc0(sizeof(List *) * new_partnatts);
+	}
 
 	partscheme->partnatts = new_partnatts;