diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:16 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:16 +0900 |
| commit | eb8c9f0bc394160efd6951c69e644551e835a486 (patch) | |
| tree | 1c4e5ae4d5ca29b4b4a5d87c64fa01721789cfe1 | |
| parent | f60a0e96778854ed0b7fd4737488ba88022e47bd (diff) | |
| download | postgresql-eb8c9f0bc394160efd6951c69e644551e835a486.tar.gz postgresql-eb8c9f0bc394160efd6951c69e644551e835a486.zip | |
Fix use of dangling pointer in heap_delete() when logging replica identity
When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE
records include references of the old tuple. Its data is stored in an
intermediate variable used to register this information for the WAL
record, but this variable gets away from the stack when the record gets
actually inserted.
Spotted by clang's AddressSanitizer.
Author: Stas Kelvish
Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru
Backpatch-through: 9.4
| -rw-r--r-- | src/backend/access/heap/heapam.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index 4406a69ef26..dc3499349b6 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -3039,6 +3039,7 @@ l1: if (RelationNeedsWAL(relation)) { xl_heap_delete xlrec; + xl_heap_header xlhdr; XLogRecPtr recptr; /* For logical decode we need combocids to properly decode the catalog */ @@ -3073,8 +3074,6 @@ l1: */ if (old_key_tuple != NULL) { - xl_heap_header xlhdr; - xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2; xlhdr.t_infomask = old_key_tuple->t_data->t_infomask; xlhdr.t_hoff = old_key_tuple->t_data->t_hoff; |