pgsql: Fix memory corruption/crash in ANALYZE. - Mailing list pgsql-committers

From Andres Freund
Subject pgsql: Fix memory corruption/crash in ANALYZE.
Msg-id E1hdN0r-0004xr-Vr@gemulon.postgresql.org
List pgsql-committers
Fix memory corruption/crash in ANALYZE.

This fixes an embarrassing oversight I (Andres) made in 737a292b,
namely missing two places where liverows/deadrows were used when
converting those variables to pointers, leading to incrementing the
pointer, rather than the value.

It's actually not that easy to trigger a crash: one needs tuples
deleted by the current transaction, followed by a tuple deleted in
another session, all in one page. Which is presumably why this hasn't
been noticed before.

Reported-By: Steve Singer
Author: Steve Singer
Discussion: https://postgr.es/m/c7988239-d42c-ddc4-41db-171b23b35e4f@ssinger.info

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/23224563d97913aa824d04c498d59ad4d85fda38

Modified Files
--------------
src/backend/access/heap/heapam_handler.c |  4 ++--
src/test/regress/expected/vacuum.out     | 12 ++++++++++++
src/test/regress/sql/vacuum.sql          | 13 +++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
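The defect class the commit describes (a pointer parameter incremented instead of the value it points to, after `liverows`/`deadrows` were converted from locals to out-pointers) is easy to reproduce in isolation. The following is an added illustration, not code from the commit or from PostgreSQL's heapam_handler.c: the tuple-state enum, the page layout, the guard slots and the function names are all constructed for the example. The buggy counter mis-handles one branch the way the commit text describes, so a page holding a tuple deleted by the current transaction followed by one deleted in another session makes a later `*deadrows` write land outside the two counters, which the guard slots detect; the fixed counter dereferences in every branch.

```c
#include <stdio.h>

/* Constructed tuple states, loosely modelled on the outcomes an ANALYZE
 * sampling scan distinguishes; this is an illustrative enum, not
 * PostgreSQL's own. */
enum tuple_state {
    TUPLE_LIVE,
    TUPLE_DELETED_BY_THIS_XACT,   /* deleted by the current transaction */
    TUPLE_DELETED_BY_OTHER_XACT   /* deleted by another session */
};

/* counts[0] = liverows, counts[1] = deadrows; counts[2..] are guard slots
 * that must stay zero. A non-zero guard means a counter write went astray. */
#define NSLOTS 8

/* Buggy counter: the "deleted by this transaction" branch increments the
 * pointer instead of the value it points to, so every later *deadrows
 * write lands one slot further along the caller's memory. */
static void count_tuples_buggy(const enum tuple_state *page, int n,
                               double *liverows, double *deadrows)
{
    for (int i = 0; i < n; i++) {
        switch (page[i]) {
        case TUPLE_LIVE:
            *liverows += 1;
            break;
        case TUPLE_DELETED_BY_THIS_XACT:
            deadrows++;          /* BUG: advances the pointer, not the count */
            break;
        case TUPLE_DELETED_BY_OTHER_XACT:
            *deadrows += 1;      /* writes wherever the pointer now points */
            break;
        }
    }
}

/* Fixed counter: every branch dereferences before incrementing. */
static void count_tuples_fixed(const enum tuple_state *page, int n,
                               double *liverows, double *deadrows)
{
    for (int i = 0; i < n; i++) {
        switch (page[i]) {
        case TUPLE_LIVE:
            (*liverows)++;
            break;
        case TUPLE_DELETED_BY_THIS_XACT:
        case TUPLE_DELETED_BY_OTHER_XACT:
            (*deadrows)++;
            break;
        }
    }
}

/* Constructed sample page matching the trigger described in the commit:
 * a tuple deleted by the current transaction followed by a tuple deleted
 * in another session, on the same page. */
static const enum tuple_state sample_page[] = {
    TUPLE_LIVE, TUPLE_LIVE, TUPLE_DELETED_BY_THIS_XACT,
    TUPLE_DELETED_BY_OTHER_XACT, TUPLE_LIVE
};
#define SAMPLE_LEN ((int)(sizeof sample_page / sizeof sample_page[0]))

struct scan_result {
    double liverows;
    double deadrows;
    int    guard_intact;   /* 1 if no guard slot was written */
};

/* Runs the chosen counter over the sample page with the two counters
 * embedded in a guarded array, and reports counts plus guard status. */
struct scan_result scan_page(int use_fixed)
{
    double counts[NSLOTS] = {0};
    struct scan_result r;

    if (use_fixed)
        count_tuples_fixed(sample_page, SAMPLE_LEN, &counts[0], &counts[1]);
    else
        count_tuples_buggy(sample_page, SAMPLE_LEN, &counts[0], &counts[1]);

    r.liverows = counts[0];
    r.deadrows = counts[1];
    r.guard_intact = 1;
    for (int i = 2; i < NSLOTS; i++)
        if (counts[i] != 0)
            r.guard_intact = 0;
    return r;
}

int main(void)
{
    struct scan_result b = scan_page(0), f = scan_page(1);
    printf("buggy: live=%.0f dead=%.0f guard_intact=%d\n",
           b.liverows, b.deadrows, b.guard_intact);
    printf("fixed: live=%.0f dead=%.0f guard_intact=%d\n",
           f.liverows, f.deadrows, f.guard_intact);
    return 0;
}
```

The buggy run reports three live rows, zero dead rows and a corrupted guard slot: the pointer drifted one `double` past `deadrows`, so the second deleted tuple was counted into memory the caller never handed out. On a single page with one tuple deleted by the current transaction and none deleted elsewhere, the buggy and fixed versions are indistinguishable, which is why a review that checks only the common path misses this class of bug; compiling with `-Wall` does not flag it either, since `deadrows++` on a pointer is valid C. A sanitizer build or a guarded-buffer test like this one is the practical way to catch it.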

