Skip to content

Commit 07a5509

Browse files
author
Richard Guo
committed
Fix unsafe access to BufferDescriptors
When considering a local buffer, the GetBufferDescriptor() call in BufferGetLSNAtomic() would be retrieving a shared buffer with a bad buffer ID. Since the code checks whether the buffer is shared before using the retrieved BufferDesc, this issue did not lead to any malfunction. Nonetheless this seems like trouble waiting to happen, so fix it by ensuring that GetBufferDescriptor() is only called when we know the buffer is shared. Author: Tender Wang <tndrwang@gmail.com> Reviewed-by: Xuneng Zhou <xunengzhou@gmail.com> Reviewed-by: Richard Guo <guofenglinux@gmail.com> Discussion: https://postgr.es/m/CAHewXNku-o46-9cmUgyv6LkSZ25doDrWq32p=oz9kfD8ovVJMg@mail.gmail.com Backpatch-through: 13
1 parent 691c32b commit 07a5509

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

src/backend/storage/buffer/bufmgr.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3030,8 +3030,8 @@ BufferIsPermanent(Buffer buffer)
30303030
XLogRecPtr
30313031
BufferGetLSNAtomic(Buffer buffer)
30323032
{
3033-
BufferDesc *bufHdr = GetBufferDescriptor(buffer - 1);
30343033
char *page = BufferGetPage(buffer);
3034+
BufferDesc *bufHdr;
30353035
XLogRecPtr lsn;
30363036
uint32 buf_state;
30373037

@@ -3045,6 +3045,7 @@ BufferGetLSNAtomic(Buffer buffer)
30453045
Assert(BufferIsValid(buffer));
30463046
Assert(BufferIsPinned(buffer));
30473047

3048+
bufHdr = GetBufferDescriptor(buffer - 1);
30483049
buf_state = LockBufHdr(bufHdr);
30493050
lsn = PageGetLSN(page);
30503051
UnlockBufHdr(bufHdr, buf_state);

0 commit comments

Comments
 (0)