diff options
| author | David Rowley <drowley@postgresql.org> | 2024-07-06 14:00:29 +1200 |
|---|---|---|
| committer | David Rowley <drowley@postgresql.org> | 2024-07-06 14:00:29 +1200 |
| commit | 49e29cbe8cbcb6bd4ac6c5dc64b1ad27844c1b5c (patch) | |
| tree | f4fc373ea4b8edcaeb7dc32acdaadb704ba165d9 | |
| parent | 31423bc4489d03112343395e94c9330e44983beb (diff) | |
| download | postgresql-49e29cbe8cbcb6bd4ac6c5dc64b1ad27844c1b5c.tar.gz postgresql-49e29cbe8cbcb6bd4ac6c5dc64b1ad27844c1b5c.zip | |
Fix incorrect sentinel byte logic in GenerationRealloc()
This only affects MEMORY_CONTEXT_CHECKING builds.
This fixes an off-by-one issue in GenerationRealloc() where the
fast-path code which tries to reuse the existing allocation if the
existing chunk is >= the new requested size. The code there thought it
was always ok to use the existing chunk, but when oldsize == size there
isn't enough space to store the sentinel byte. If both sizes matched
exactly set_sentinel() would overwrite the first byte beyond the chunk
and then subsequent GenerationRealloc() calls could then fail the
Assert(chunk->requested_size < oldsize) check which is trying to ensure
the chunk is large enough to store the sentinel.
The same issue does not exist in aset.c as the sentinel checking code
only adds a sentinel byte if there's enough space in the chunk.
Reported-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/49275921-7b39-41af-5eb8-97b50ce3312e@gmail.com
Backpatch-through: 16, where the problem was introduced by 0e480385e
| -rw-r--r-- | src/backend/utils/mmgr/generation.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/backend/utils/mmgr/generation.c b/src/backend/utils/mmgr/generation.c index 4fb8663cd6b..8c2ca87705d 100644 --- a/src/backend/utils/mmgr/generation.c +++ b/src/backend/utils/mmgr/generation.c @@ -780,8 +780,8 @@ GenerationRealloc(void *pointer, Size size) #endif /* - * Maybe the allocated area already is >= the new size. (In particular, - * we always fall out here if the requested size is a decrease.) + * Maybe the allocated area already big enough. (In particular, we always + * fall out here if the requested size is a decrease.) * * This memory context does not use power-of-2 chunk sizing and instead * carves the chunks to be as small as possible, so most repalloc() calls @@ -789,7 +789,12 @@ GenerationRealloc(void *pointer, Size size) * * XXX Perhaps we should annotate this condition with unlikely()? */ +#ifdef MEMORY_CONTEXT_CHECKING + /* With MEMORY_CONTEXT_CHECKING, we need an extra byte for the sentinel */ + if (oldsize > size) +#else if (oldsize >= size) +#endif { #ifdef MEMORY_CONTEXT_CHECKING Size oldrequest = chunk->requested_size; |