diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2014-03-07 13:25:11 +0200 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2014-03-07 13:28:52 +0200 |
| commit | 55566c9a740144439b54ff3aacbd43d11b6de52f (patch) | |
| tree | 1dfb40a4420d915c74b0b755e6db6021f31f4b85 /src/backend/access/transam/xlogutils.c | |
| parent | ad7b48ea08d6c33bae0a33c5f2a06272293c0f2f (diff) | |
| download | postgresql-55566c9a740144439b54ff3aacbd43d11b6de52f.tar.gz postgresql-55566c9a740144439b54ff3aacbd43d11b6de52f.zip | |
Fix dangling smgr_owner pointer when a fake relcache entry is freed.
A fake relcache entry can "own" a SmgrRelation object, like a regular
relcache entry. But when it was free'd, the owner field in SmgrRelation
was not cleared, so it was left pointing to free'd memory.
Amazingly this apparently hasn't caused crashes in practice, or we would've
heard about it earlier. Andres found this with Valgrind.
Report and fix by Andres Freund, with minor modifications by me. Backpatch
to all supported versions.
Diffstat (limited to 'src/backend/access/transam/xlogutils.c')
| -rw-r--r-- | src/backend/access/transam/xlogutils.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/access/transam/xlogutils.c b/src/backend/access/transam/xlogutils.c index f1918f6b078..05e74de9211 100644 --- a/src/backend/access/transam/xlogutils.c +++ b/src/backend/access/transam/xlogutils.c @@ -445,6 +445,9 @@ CreateFakeRelcacheEntry(RelFileNode rnode) void FreeFakeRelcacheEntry(Relation fakerel) { + /* make sure the fakerel is not referenced by the SmgrRelation anymore */ + if (fakerel->rd_smgr != NULL) + smgrclearowner(&fakerel->rd_smgr, fakerel->rd_smgr); pfree(fakerel); } |