| From: | John Naylor <john(dot)naylor(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix reuse-after-free hazard in dead_items_reset |
| Date: | 2025-10-03 09:19:14 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix reuse-after-free hazard in dead_items_reset
In similar vein to commit ccc8194e427, a reset instance of a shared
memory TID store happened to occupy the same private memory as the old
one for the entry point, since the chunk freed after the last round
of index vacuuming was put on the context's freelist. The failure
to update the vacrel->dead_items pointer was evident by nudging the
system to allocate memory in a different area. This was not discovered
at the time of the earlier commit since our regression tests didn't
cover multiple index passes with parallel vacuum.
Backpatch to v17, when TidStore came in.
Author: Kevin Oommen Anish <kevin(dot)o(at)zohocorp(dot)com>
Reviewed-by: Richard Guo <guofenglinux(at)gmail(dot)com>
Tested-by: Richard Guo <guofenglinux(at)gmail(dot)com>
Discussion: https://postgr.es/m/199a07cbdfc.7a1c4aac25838.1675074408277594551%40zohocorp.com
Backpatch-through: 17
Branch
------
REL_17_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/3549ffb6afaf045d715be6ca42814f0a08ad2af9
Modified Files
--------------
src/backend/access/heap/vacuumlazy.c | 2 ++
1 file changed, 2 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2025-10-03 10:05:19 | pgsql: Tidy-up unneeded NULL parameter checks from SQL function |
| Previous Message | John Naylor | 2025-10-03 09:19:04 | pgsql: Fix reuse-after-free hazard in dead_items_reset |