diff options
| author | Robert Haas <rhaas@postgresql.org> | 2016-07-01 08:51:58 -0400 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2016-07-01 09:03:52 -0400 |
| commit | 8f4a369c28be28351ce64e12ac895db515dd5916 (patch) | |
| tree | 0962bbc9206a5329a4734da4875f223c0ecbb09d | |
| parent | 8caf9fe62544b351d4f6219bf416f5ce08ef3c21 (diff) | |
| download | postgresql-8f4a369c28be28351ce64e12ac895db515dd5916.tar.gz postgresql-8f4a369c28be28351ce64e12ac895db515dd5916.zip | |
Fix crash bug in RestoreSnapshot.
If serialized_snapshot->subxcnt > 0 and serialized_snapshot->xcnt == 0,
the old coding would do the wrong thing and crash. This can happen
on standby servers.
Report by Andreas Seltenreich. Patch by Thomas Munro, reviewed by
Amit Kapila and tested by Andreas Seltenreich.
| -rw-r--r-- | src/backend/utils/time/snapmgr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/utils/time/snapmgr.c b/src/backend/utils/time/snapmgr.c index 6ef2df8a20a..9cbe226b228 100644 --- a/src/backend/utils/time/snapmgr.c +++ b/src/backend/utils/time/snapmgr.c @@ -1573,7 +1573,8 @@ RestoreSnapshot(char *start_address) /* Copy SubXIDs, if present. */ if (serialized_snapshot->subxcnt > 0) { - snapshot->subxip = snapshot->xip + serialized_snapshot->xcnt; + snapshot->subxip = ((TransactionId *) (snapshot + 1)) + + serialized_snapshot->xcnt; memcpy(snapshot->subxip, serialized_xids + serialized_snapshot->xcnt, serialized_snapshot->subxcnt * sizeof(TransactionId)); } |