| From: | Nikita Glukhov <n(dot)gluhov(at)postgrespro(dot)ru> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Fix freeing of dangling IndexScanDesc.xs_hitup in GiST |
| Date: | 2017-05-04 19:50:36 |
| Message-ID: | 05923dca-11d6-a59c-d22b-30f020bf367d@postgrespro.ru |
| Lists: | pgsql-hackers |
On 04.05.2017 22:16, Tom Lane wrote:
> Nikita Glukhov <n(dot)gluhov(at)postgrespro(dot)ru> writes:
>> In gistrescan() IndexScanDesc.xs_hitup is not reset after MemoryContextReset() of
>> so->queueCxt in which xs_hitup was allocated, then getNextNearest() tries to pfree()
>> dangling xs_hitup, which results in the reuse of this pointer and the subsequent crash.
> Right. I already did something about this, about an hour ago --- a
> bit differently from your patch, but same idea.
>
> regards, tom lane
Sorry that I'm not monitoring pgsql-bugs.
It might be interesting that I found this bug back in July 2016 when I
was experimenting with my KNN-btree implementation, but I failed to report
it because I could reproduce it only manually by calling gistrescan() and
gistgettuple() in a loop.
--
Nikita Glukhov
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company
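
The failure described in the quoted report, as an added toy model in C (not PostgreSQL source and not either patch from this thread). `ToyContext`, `ToyScan`, and the `ctx_*` and `toy_*` functions are hypothetical stand-ins, and `ctx_free` reports a stale pointer where a real allocator would not.

```c
/* Toy model, not PostgreSQL source: ToyContext stands in for so->queueCxt,
 * ToyScan for IndexScanDesc. All names here are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

#define SLOTS 4
typedef struct { char mem[SLOTS][64]; bool live[SLOTS]; } ToyContext;
typedef struct { ToyContext *queueCxt; void *xs_hitup; } ToyScan;
static void *ctx_alloc(ToyContext *c) {
    for (int i = 0; i < SLOTS; i++)
        if (!c->live[i]) { c->live[i] = true; return c->mem[i]; }
    return NULL;
}
/* Stand-in for MemoryContextReset(): every chunk is released at once. */
static void ctx_reset(ToyContext *c) {
    for (int i = 0; i < SLOTS; i++) c->live[i] = false;
}
/* Stand-in for pfree(): returns false when p is not a live chunk. */
static bool ctx_free(ToyContext *c, void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (c->live[i] && p == (void *) c->mem[i]) { c->live[i] = false; return true; }
    return false;
}
/* clear_hitup=false leaves xs_hitup pointing into the reset context. */
static void toy_rescan(ToyScan *s, bool clear_hitup) {
    ctx_reset(s->queueCxt);
    if (clear_hitup) s->xs_hitup = NULL;
}
/* Frees the previously returned tuple, then hands out a new one. */
static bool toy_get_next(ToyScan *s) {
    bool ok = true;
    if (s->xs_hitup != NULL) ok = ctx_free(s->queueCxt, s->xs_hitup);
    s->xs_hitup = ctx_alloc(s->queueCxt);
    return ok;
}
/* get-next, rescan, get-next; true means no free of a dangling pointer. */
static bool run_scan_twice(bool clear_hitup) {
    static ToyContext cxt;
    ToyScan scan = { &cxt, NULL };
    ctx_reset(&cxt);
    bool first = toy_get_next(&scan);
    toy_rescan(&scan, clear_hitup);
    return toy_get_next(&scan) && first;
}
int main(void) {
    printf("xs_hitup kept:    %s\n", run_scan_twice(false) ? "ok" : "dangling free");
    printf("xs_hitup cleared: %s\n", run_scan_twice(true) ? "ok" : "dangling free");
    return 0;
}
```

In the run that keeps `xs_hitup`, the slot the stale pointer refers to is also the one the next allocation hands out, which is the pointer reuse the report mentions.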