| From: | Peter Geoghegan <pg(at)heroku(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Rowley <david(dot)rowley(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Regina Obe <lr(at)pcorp(dot)us>, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #14344: string_agg(DISTINCT ..) crash |
| Date: | 2016-10-13 00:02:11 |
| Message-ID: | CAM3SWZSAPkKmbAFUHC3e6qszfMTnsUzv137Fi2Mcyg-rfEebKQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Wed, Oct 12, 2016 at 4:36 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
> This fix has us copy the MinimalTuple into sortcontext palloc() memory
> within tuplesort_gettupleslot() (based on commit 25bf7f8b). This still
> differs a little from tuplestore_gettupleslot(), which explicitly uses
> current context of caller, but we've always done things that way for
> tuplesort.c.
Actually, it's only true that tuplesort sortcontext context is used
when copy isn't needed, which is not predictable to caller, so the new
comment is a bit inaccurate. The inconsistency seems inconsequential,
since we've always assume that caller tuples allocated within
sortcontext may be "owned" by caller (when should_free = true),
despite not being in caller's own memory context.
Attached is revision with tiny tweak to relevant comment.
--
Peter Geoghegan
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Fix-use-after-free-around-DISTINCT-transition-functi.patch | text/x-patch | 1.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | sunpeng | 2016-10-13 00:43:32 | Re: 9.6 bug: select jsonb_set('[{"f1":1,"f2":null},2,null,3]', '{0}','[2,3,4]', |
| Previous Message | Peter Geoghegan | 2016-10-12 23:36:13 | Re: BUG #14344: string_agg(DISTINCT ..) crash |