| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix use-after-free in pgstat_fetch_stat_backend_by_pid() |
| Date: | 2025-04-07 00:52:24 |
| Message-ID: | E1u1aiu-0032Wo-2i@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix use-after-free in pgstat_fetch_stat_backend_by_pid()
stats_fetch_consistency set to "snapshot" causes the backend entry
"beentry" retrieved by pgstat_get_beentry_by_proc_number() to be reset
at the beginning of pgstat_fetch_stat_backend() when fetching the
backend pgstats entry. As coded, "beentry" was being accessed after
being freed. This commit moves all the accesses to "beentry" to happen
before calling pgstat_fetch_stat_backend(), fixing the problem.
This problem could be reached by calling the SQL functions
pg_stat_get_backend_io() or pg_stat_get_backend_wal().
Issue caught by valgrind.
Reported-by: Alexander Lakhin <exclusion(at)gmail(dot)com>
Author: Bertrand Drouvot <bertranddrouvot(dot)pg(at)gmail(dot)com>
Discussion: https://postgr.es/m/f1788cc0-253a-4a3a-aee0-1b8ab9538736@gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/3191a593d6dea56def460d06adc779f2aca44976
Modified Files
--------------
src/backend/utils/activity/pgstat_backend.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2025-04-07 01:16:03 | pgsql: Clarify comment for worst-case allocation in quote_literal_cstr( |
| Previous Message | Fujii Masao | 2025-04-07 00:29:39 | pgsql: Use XLOG_CONTROL_FILE macro consistently for control file name. |