diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:46 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:46 +0900 |
| commit | 478e0069fb8bc30d7e0c1a8fc390ed041e1b67c9 (patch) | |
| tree | 17812a08aa67572ea536bc77fbabcad5a7869726 | |
| parent | 2bac1d8c9848ec7045380401ae758003fe064bbc (diff) | |
| download | postgresql-478e0069fb8bc30d7e0c1a8fc390ed041e1b67c9.tar.gz postgresql-478e0069fb8bc30d7e0c1a8fc390ed041e1b67c9.zip | |
Fix use of dangling pointer in heap_delete() when logging replica identity
When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE
records include references of the old tuple. Its data is stored in an
intermediate variable used to register this information for the WAL
record, but this variable gets away from the stack when the record gets
actually inserted.
Spotted by clang's AddressSanitizer.
Author: Stas Kelvish
Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru
Backpatch-through: 9.4
| -rw-r--r-- | src/backend/access/heap/heapam.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index c7dd2be6fc1..0a9aafb7b62 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -3290,6 +3290,7 @@ l1: if (RelationNeedsWAL(relation)) { xl_heap_delete xlrec; + xl_heap_header xlhdr; XLogRecPtr recptr; /* For logical decode we need combocids to properly decode the catalog */ @@ -3320,8 +3321,6 @@ l1: */ if (old_key_tuple != NULL) { - xl_heap_header xlhdr; - xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2; xlhdr.t_infomask = old_key_tuple->t_data->t_infomask; xlhdr.t_hoff = old_key_tuple->t_data->t_hoff; |