| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix memory corruption/crash in ANALYZE. |
| Date: | 2019-06-18 22:55:37 |
| Message-ID: | E1hdN0r-0004xr-Vr@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix memory corruption/crash in ANALYZE.
This fixes an embarrassing oversight I (Andres) made in 737a292b,
namely missing two place where liverows/deadrows were used when
converting those variables to pointers, leading to incrementing the
pointer, rather than the value.
It's not that actually that easy to trigger a crash: One needs tuples
deleted by the current transaction, followed by a tuple deleted in
another session, all in one page. Which is presumably why this hasn't
been noticed before.
Reported-By: Steve Singer
Author: Steve Singer
Discussion: https://postgr.es/m/c7988239-d42c-ddc4-41db-171b23b35e4f@ssinger.info
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/23224563d97913aa824d04c498d59ad4d85fda38
Modified Files
--------------
src/backend/access/heap/heapam_handler.c | 4 ++--
src/test/regress/expected/vacuum.out | 12 ++++++++++++
src/test/regress/sql/vacuum.sql | 13 +++++++++++++
3 files changed, 27 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2019-06-19 02:03:09 | pgsql: Fix description of WAL record XLOG_BTREE_META_CLEANUP |
| Previous Message | Alvaro Herrera | 2019-06-18 22:25:47 | Re: pgsql: Avoid spurious deadlocks when upgrading a tuple lock |