diff options
| author | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:40 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2019-02-01 10:35:40 +0900 |
| commit | 47412e075266a5f23c66aaaf3abbb76b075c2c15 (patch) | |
| tree | dac84eb95f570dd4a2eb8ee822a119f1fd4e90ad /src | |
| parent | cf25498f718a35addf0fc783691538d91d60dcf8 (diff) | |
| download | postgresql-47412e075266a5f23c66aaaf3abbb76b075c2c15.tar.gz postgresql-47412e075266a5f23c66aaaf3abbb76b075c2c15.zip | |
Fix use of dangling pointer in heap_delete() when logging replica identity
When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE
records include references of the old tuple. Its data is stored in an
intermediate variable used to register this information for the WAL
record, but this variable gets away from the stack when the record gets
actually inserted.
Spotted by clang's AddressSanitizer.
Author: Stas Kelvish
Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru
Backpatch-through: 9.4
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/access/heap/heapam.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index 5305db94609..07e9d24013d 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -3343,6 +3343,7 @@ l1: if (RelationNeedsWAL(relation)) { xl_heap_delete xlrec; + xl_heap_header xlhdr; XLogRecPtr recptr; /* For logical decode we need combocids to properly decode the catalog */ @@ -3377,8 +3378,6 @@ l1: */ if (old_key_tuple != NULL) { - xl_heap_header xlhdr; - xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2; xlhdr.t_infomask = old_key_tuple->t_data->t_infomask; xlhdr.t_hoff = old_key_tuple->t_data->t_hoff; |