| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Subject: | Re: Potential use-after-free in partion related code |
| Date: | 2023-11-15 18:02:50 |
| Message-ID: | 202311151802.ngj2la66jwgi@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2023-Nov-15, Andres Freund wrote:
> partConstraint = list_concat(partBoundConstraint,
> RelationGetPartitionQual(rel));
>
> At this point partBoundConstraint may not be used anymore, because
> list_concat() might have reallocated.
>
> But then a few lines later:
>
> /* we already hold a lock on the default partition */
> defaultrel = table_open(defaultPartOid, NoLock);
> defPartConstraint =
> get_proposed_default_constraint(partBoundConstraint);
>
> We use partBoundConstraint again.
Yeah, this is wrong if partBoundConstraint is reallocated by
list_concat. One possible fix is to change list_concat to
list_concat_copy(), which leaves the original list unmodified.
AFAICT the bug came in with 6f6b99d1335b, which added default
partitions.
--
Álvaro Herrera Breisgau, Deutschland — https://www.EnterpriseDB.com/
"Now I have my system running, not a byte was off the shelf;
It rarely breaks and when it does I fix the code myself.
It's stable, clean and elegant, and lightning fast as well,
And it doesn't cost a nickel, so Bill Gates can go to hell."
| From | Date | Subject | |
|---|---|---|---|
| Next Message | vignesh C | 2023-11-15 18:03:28 | Re: pg_upgrade and logical replication |
| Previous Message | Tom Lane | 2023-11-15 17:45:46 | Re: On non-Windows, hard depend on uselocale(3) |