Re: pgsql: Fix failure due to accessing an - Mailing list pgsql-committers

From Tatsuo Ishii
Subject Re: pgsql: Fix failure due to accessing an
Date
Msg-id 20070118.224953.35685121.t-ishii@sraoss.co.jp
In response to pgsql: Fix failure due to accessing an already-freed tuple descriptor in  (tgl@postgresql.org (Tom Lane))
List pgsql-committers
Tom,

Is this a fix for a security hole/vulnerability?
One of our engineers claimed that a double-free bug itself is a
vulnerability, thus the 8.2.1 release should be called a "security
release".
--
Tatsuo Ishii
SRA OSS, Inc. Japan

> Log Message:
> -----------
> Fix failure due to accessing an already-freed tuple descriptor in a plan
> involving HashAggregate over SubqueryScan (this is the known case, there
> may well be more).  The bug is only latent in releases before 8.2 since they
> didn't try to access tupletable slots' descriptors during ExecDropTupleTable.
> The least bogus fix seems to be to make subqueries share the parent query's
> memory context, so that tupdescs they create will have the same lifespan as
> those of the parent query.  There are comments in the code envisioning going
> even further by not having a separate child EState at all, but that will
> require rethinking executor access to range tables, which I don't want to
> tackle right now.  Per bug report from Jean-Pierre Pelletier.
>
> Tags:
> ----
> REL8_2_STABLE
>
> Modified Files:
> --------------
>     pgsql/src/backend/executor:
>         execMain.c (r1.280 -> r1.280.2.1)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execMain.c.diff?r1=1.280&r2=1.280.2.1)
>         execUtils.c (r1.140 -> r1.140.2.1)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.140&r2=1.140.2.1)
>         nodeSubplan.c (r1.80 -> r1.80.2.1)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubplan.c.diff?r1=1.80&r2=1.80.2.1)
>         nodeSubqueryscan.c (r1.32.2.1 -> r1.32.2.2)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubqueryscan.c.diff?r1=1.32.2.1&r2=1.32.2.2)
>     pgsql/src/include/executor:
>         executor.h (r1.130 -> r1.130.2.1)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/executor/executor.h.diff?r1=1.130&r2=1.130.2.1)
>     pgsql/src/include/nodes:
>         execnodes.h (r1.161 -> r1.161.2.1)
>         (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/nodes/execnodes.h.diff?r1=1.161&r2=1.161.2.1)
>
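
A toy model of the lifetime problem the quoted log message describes, added here as an illustration; it is not PostgreSQL code and not part of either message. All names (`Ctx`, `DescRef`, `desc_create`, `ctx_delete`, `slot_drop`, `run_query`) are hypothetical, and it assumes the subquery's context is released before the parent drops its tuple table.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy memory context: a bump arena whose generation changes when it is freed. */
typedef struct Ctx { unsigned gen; size_t used; int store[16]; } Ctx;

/* Handle to a toy tuple descriptor: owning context, generation, offset. */
typedef struct DescRef { Ctx *ctx; unsigned gen; size_t off; } DescRef;

/* Allocate a descriptor (here just an attribute count) in the given context. */
static DescRef desc_create(Ctx *ctx, int natts)
{
    DescRef r = { ctx, ctx->gen, ctx->used };
    ctx->store[ctx->used++] = natts;
    return r;
}

/* Release everything in the context at once; old handles become stale. */
static void ctx_delete(Ctx *ctx) { ctx->gen++; ctx->used = 0; }

/* Drop-time access to a slot's descriptor: -1 means it was already freed. */
static int slot_drop(DescRef d)
{
    if (d.gen != d.ctx->gen)
        return -1;
    return d.ctx->store[d.off];
}

/* One parent query over a subquery scan; share_ctx selects the fixed layout. */
static int run_query(bool share_ctx)
{
    Ctx parent = { 0 }, child = { 0 };
    Ctx *sub = share_ctx ? &parent : &child;  /* assumed model of the fix */
    DescRef slot_desc = desc_create(sub, 3);  /* subquery builds the descriptor */
    if (!share_ctx)
        ctx_delete(&child);                   /* subquery shutdown frees its context */
    int natts = slot_drop(slot_desc);         /* parent drops its tuple table */
    ctx_delete(&parent);                      /* parent context goes last */
    return natts;
}

int main(void)
{
    printf("separate child context: %d\n", run_query(false));
    printf("shared parent context:  %d\n", run_query(true));
    return 0;
}
```

The generation check stands in for what real code cannot see: with a separate child context the parent's slot holds a stale handle at drop time, while with a shared context the descriptor lives as long as the slot that refers to it.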
