Home > mailing lists

pgsql: Fix dangling smgr_owner pointer when a fake relcache entry is fr - Mailing list pgsql-committers

From	Heikki Linnakangas
Subject	pgsql: Fix dangling smgr_owner pointer when a fake relcache entry is fr
Date	March 7, 2014 14:50:54
Msg-id	E1WLtIb-0000mv-Vg@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Fix dangling smgr_owner pointer when a fake relcache entry is freed.

A fake relcache entry can "own" a SmgrRelation object, like a regular
relcache entry. But when it was free'd, the owner field in SmgrRelation
was not cleared, so it was left pointing to free'd memory.

Amazingly this apparently hasn't caused crashes in practice, or we would've
heard about it earlier. Andres found this with Valgrind.

Report and fix by Andres Freund, with minor modifications by me. Backpatch
to all supported versions.

Branch
------
REL9_1_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/080ad9120d79933e5aed545986885058f8aa7385

Modified Files
--------------
src/backend/access/transam/xlogutils.c |    3 +++
src/backend/storage/smgr/smgr.c        |   42 +++++++++++++++++++++++++++++---
src/include/storage/smgr.h             |    1 +
3 files changed, 42 insertions(+), 4 deletions(-)

pgsql-committers by date:

From: Heikki Linnakangas
Date: 07 March 2014, 14:50:52
Subject: pgsql: Avoid memcpy() with same source and destination address.

From: Heikki Linnakangas
Date: 07 March 2014, 14:50:59
Subject: pgsql: Avoid memcpy() with same source and destination address.

pgsql: Fix dangling smgr_owner pointer when a fake relcache entry is fr - Mailing list pgsql-committers

Previous

Next