| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix dangling smgr_owner pointer when a fake relcache entry is fr |
| Date: | 2014-03-07 11:50:45 |
| Message-ID: | E1WLtIb-0000ml-PV@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix dangling smgr_owner pointer when a fake relcache entry is freed.
A fake relcache entry can "own" a SmgrRelation object, like a regular
relcache entry. But when it was free'd, the owner field in SmgrRelation
was not cleared, so it was left pointing to free'd memory.
Amazingly this apparently hasn't caused crashes in practice, or we would've
heard about it earlier. Andres found this with Valgrind.
Report and fix by Andres Freund, with minor modifications by me. Backpatch
to all supported versions.
Branch
------
REL9_2_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/f650387b5038b50407d33d1e9b7590483bb11a72
Modified Files
--------------
src/backend/access/transam/xlogutils.c | 3 +++
src/backend/storage/smgr/smgr.c | 42 +++++++++++++++++++++++++++++---
src/include/storage/smgr.h | 1 +
3 files changed, 42 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2014-03-07 11:50:46 | pgsql: Avoid memcpy() with same source and destination address. |
| Previous Message | Heikki Linnakangas | 2014-03-07 08:45:48 | pgsql: Fix name of syslog_ident GUC in docs. |