Fix dangling smgr_owner pointer when a fake relcache entry is freed.
authorHeikki Linnakangas <[email protected]>
Fri, 7 Mar 2014 11:25:11 +0000 (13:25 +0200)
committerHeikki Linnakangas <[email protected]>
Fri, 7 Mar 2014 11:37:45 +0000 (13:37 +0200)
commit0f714c602cd260cace1f8c2d61896d7851990021
tree34db17a34d45370d2b5b1e42e9cb6f84a594eb52
parentd8f2858b884c4b9c77a14a9e9e6ea5f16a48faf3
Fix dangling smgr_owner pointer when a fake relcache entry is freed.

A fake relcache entry can "own" a SmgrRelation object, like a regular
relcache entry. But when it was free'd, the owner field in SmgrRelation
was not cleared, so it was left pointing to free'd memory.

Amazingly this apparently hasn't caused crashes in practice, or we would've
heard about it earlier. Andres found this with Valgrind.

Report and fix by Andres Freund, with minor modifications by me. Backpatch
to all supported versions.
src/backend/access/transam/xlogutils.c
src/backend/storage/smgr/smgr.c
src/include/storage/smgr.h