On Thu, Mar 28, 2019 at 07:33:36PM +0100, Tomas Vondra wrote:
>On Thu, Mar 28, 2019 at 11:29:12AM -0700, Peter Geoghegan wrote:
>>On Wed, Mar 27, 2019 at 6:27 PM Tomas Vondra
>><tomas.vondra@2ndquadrant.com> wrote:
>>>It's a bit too late for pushing emergency fixes over here, so I'll do
>>>more testing tomorrow and then push.
>>
>>The buildfarm is still almost all-red now. Can you estimate how long
>>it will take to push a fix?
>>
>
>Half an hour, at most. I have a fix and I'm running tests on it to make
>sure it does break something else.
>

OK, I've pushed the fix. As explained in the commit message, the
deserialization was borked in two ways. Firstly, it was vulnerable to
use-after-free. Secondly, the serialization/deserialization of data for
by-value types did not work for bigendian systems.

I believe this should fix prion (which was tripping on the first issue,
due to using -DRELCACHE_FORCE_RELEASE -DCATCACHE_FORCE_RELEASE) and at
least some of the bigendian boxes (I've tested it on s390x).

I do think there's one remaining issue - the deserialized value is
allocated as a single chunk, and is then "sliced" into smaller buffers.
But the code ignores alignment, which I think may trigger SIGBUS on some
platforms - for example grison, skate or gull fail like this, and those
are ARMv7 and sparc machines.

I do have a fix for that too, but I decided not to push it yet before
testing it a bit more.

regards

--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
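
The alignment problem described in the message above, as an added example that is not part of the original e-mail and is not PostgreSQL code: one allocation is sliced into three arrays, once packed back to back (the misaligned layout) and once with every slice start rounded up. The struct, field and function names are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Strictest alignment any object needs on this platform. Hypothetical
 * helper macros written for this example, not PostgreSQL's own. */
#define MAX_ALIGN    (_Alignof(max_align_t))
#define ALIGN_UP(n)  (((size_t) (n) + MAX_ALIGN - 1) & ~(MAX_ALIGN - 1))

typedef struct SlicedItem {
    char    *chunk;     /* the single allocation; owns all the memory */
    uint8_t *isnull;    /* n one-byte flags */
    double  *freqs;     /* n doubles */
    int32_t *counts;    /* n 32-bit ints */
} SlicedItem;

/* Offset of the doubles when slices are packed back to back: with n = 3
 * the doubles start at byte 3, which strict-alignment CPUs reject. */
size_t packed_freq_offset(size_t n) { return n * sizeof(uint8_t); }

/* Offset of the doubles when the slice start is rounded up. */
size_t aligned_freq_offset(size_t n) { return ALIGN_UP(n * sizeof(uint8_t)); }

/* True when p may be dereferenced as a type with the given alignment. */
int is_aligned(const void *p, size_t align) { return ((uintptr_t) p % align) == 0; }

/* Allocate one chunk and slice it, padding each slice to MAX_ALIGN. */
int slice_item(SlicedItem *it, size_t n)
{
    size_t off_freqs  = aligned_freq_offset(n);
    size_t off_counts = off_freqs + ALIGN_UP(n * sizeof(double));
    size_t total      = off_counts + ALIGN_UP(n * sizeof(int32_t));

    it->chunk = calloc(1, total);   /* calloc returns max-aligned memory */
    if (it->chunk == NULL)
        return -1;
    it->isnull = (uint8_t *) it->chunk;
    it->freqs  = (double *) (it->chunk + off_freqs);
    it->counts = (int32_t *) (it->chunk + off_counts);
    return 0;
}

int main(void)
{
    SlicedItem it;
    if (slice_item(&it, 3) != 0) return 1;
    int ok = is_aligned(it.freqs, _Alignof(double)) &&
             is_aligned(it.counts, _Alignof(int32_t));
    free(it.chunk);
    return ok ? 0 : 1;
}
```

On x86 an unaligned `double` load usually succeeds, which is why a packed layout can pass local testing and only fail on strict-alignment hardware.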