| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix use-after-free bug with AfterTriggersTableData.storeslot |
| Date: | 2021-02-27 21:10:37 |
| Message-ID: | E1lG6rF-0006Op-Fy@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix use-after-free bug with AfterTriggersTableData.storeslot
AfterTriggerSaveEvent() wrongly allocates the slot in execution-span
memory context, whereas the correct thing is to allocate it in
a transaction-span context, because that's where the enclosing
AfterTriggersTableData instance belongs into.
Backpatch to 12 (the test back to 11, where it works well with no code
changes, and it's good to have to confirm that the case was previously
well supported); this bug seems introduced by commit ff11e7f4b9ae.
Reported-by: Bertrand Drouvot <bdrouvot(at)amazon(dot)com>
Author: Amit Langote <amitlangote09(at)gmail(dot)com>
Discussion: https://postgr.es/m/39a71864-b120-5a5c-8cc5-c632b6f16761@amazon.com
Branch
------
REL_13_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/2688852a49ea52e5663c09f91cdcf43697e10814
Modified Files
--------------
src/backend/commands/trigger.c | 52 +++++++++++++++++----------
src/test/regress/expected/triggers.out | 59 ++++++++++++++++++++++++++++++
src/test/regress/sql/triggers.sql | 65 ++++++++++++++++++++++++++++++++++
3 files changed, 157 insertions(+), 19 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2021-02-27 23:00:47 | pgsql: pgbench: Remove now-dead CState->ecnt |
| Previous Message | Noah Misch | 2021-02-27 15:07:46 | pgsql: Raise a timeout to 180s, in contrib/test_decoding. |