>> There exists a crash that could easily be used as a denial of service
>> against PostgreSQL by any user who can call a trusted stored procedure
>> that makes use of temp tables.
>
> What this is actually exposing is a case where CurrentResourceOwner is
> left pointing at garbage. PortalRun saves and restores the caller's
> value of CurrentResourceOwner, which is normally fine and dandy.
> When doing a top-level command such as the VACUUM, CurrentResourceOwner
> is TopTransactionResourceOwner. However, VACUUM does internal
> CommitTransaction and StartTransaction commands, which destroy and
> recreate the whole transaction including TopTransactionResourceOwner.
> In many situations TopTransactionResourceOwner ends up getting
> recreated
> at the same address it was at before, but this is obviously not
> guaranteeable in the general case; Sean's test case simply exposes one
> path in which it isn't at the same address.
FYI, I can confirm that your commit fixes this issue. Thank you very
much! -sc
--
Sean Chittenden
