| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix reference-after-free when waiting for another xact due to co |
| Date: | 2015-02-04 14:09:23 |
| Message-ID: | E1YJ0dv-0003in-HR@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix reference-after-free when waiting for another xact due to constraint.
If an insertion or update had to wait for another transaction to finish,
because there was another insertion with conflicting key in progress,
we would pass a just-free'd item pointer to XactLockTableWait().
All calls to XactLockTableWait() and MultiXactIdWait() had similar issues.
Some passed a pointer to a buffer in the buffer cache, after already
releasing the lock. The call in EvalPlanQualFetch had already released the
pin too. All but the call in execUtils.c would merely lead to reporting a
bogus ctid, however (or an assertion failure, if enabled).
All the callers that passed HeapTuple->t_data->t_ctid were slightly bogus
anyway: if the tuple was updated (again) in the same transaction, its ctid
field would point to the next tuple in the chain, not the tuple itself.
Backpatch to 9.4, where the 'ctid' argument to XactLockTableWait was added
(in commit f88d4cfc)
Branch
------
REL9_4_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/48a565d78ba9413317d6095010cf622e9d6a36eb
Modified Files
--------------
src/backend/access/heap/heapam.c | 16 ++++++++--------
src/backend/catalog/index.c | 4 ++--
src/backend/executor/execMain.c | 2 +-
src/backend/executor/execUtils.c | 4 +++-
4 files changed, 14 insertions(+), 12 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2015-02-04 15:41:46 | pgsql: Use a separate memory context for GIN scan keys. |
| Previous Message | Robert Haas | 2015-02-04 13:52:15 | pgsql: pgcrypto: Code cleanup for decrypt_internal. |