Re: memory leak in pgoutput - Mailing list pgsql-hackers

> Here, after freeing the tupledesc, the ExecDropSingleTupleTableSlot will still

> access the freed tupledesc->tdrefcount which is an illegal memory access.

Yes, I overlooked that.

> I think we can do something like below instead:

>

> +                       TupleDesc       desc = entry->old_slot->tts_tupleDescriptor;

> +

> +                       Assert(desc->tdrefcount == -1);

> +

>                         ExecDropSingleTupleTableSlot(entry->old_slot);

> +                       FreeTupleDesc(desc);

It seems a bit odd because "entry->old_slot->tts_tupleDescriptor" is accessed

after "entry->old_slot" has been freed. I think we can avoid this by assigning

"desc" to NULL before ExecDropSingleTupleTableSlot().

```

+                                              TupleDesc       desc = entry->old_slot->tts_tupleDescriptor;

+

+                                              Assert(desc->tdrefcount == -1);

+

+                                              FreeTupleDesc(desc);

+                                              desc = NULL;

                                               ExecDropSingleTupleTableSlot(entry->old_slot);

```

By the way, this issue is introduced in 52e4f0cd472d39d. Therefore, we may need

to backport the patch to v15.

Best Regards,

Boyu Yang