Skip to content

Commit 949e2e7

Browse files
robertmhaasrobertmhaas
committed
amcheck: Fix a few bugs in new update chain validation.
We shouldn't set successor[whatever] to an offset number that is less than FirstOffsetNumber or more than maxoff. We already avoided that for redirects, but not for CTID links. Allowing bad offset numbers into the successor[] array causes core dumps. We shouldn't use HeapTupleHeaderIsHotUpdated() because it checks stuff other than the status of the infomask2 bit HEAP_HOT_UPDATED. We only care about the status of that bit, not the other stuff that HeapTupleHeaderIsHotUpdated() checks. This mistake can cause verify_heapam() to report corruption when none is present. The first hunk of this patch was written by me. The other two were written by Andres Freund. This could probably do with more review before commit, but I'd like to try to get the buildfarm green again sooner rather than later. Discussion: http://postgr.es/m/20230322204552.s6cv3ybqkklhhybb@awork3.anarazel.de
1 parent dccef0f commit 949e2e7

File tree

1 file changed

+7
-3
lines changed

1 file changed

+7
-3
lines changed

contrib/amcheck/verify_heapam.c

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -543,7 +543,8 @@ verify_heapam(PG_FUNCTION_ARGS)
543543
*/
544544
nextblkno = ItemPointerGetBlockNumber(&(ctx.tuphdr)->t_ctid);
545545
nextoffnum = ItemPointerGetOffsetNumber(&(ctx.tuphdr)->t_ctid);
546-
if (nextblkno == ctx.blkno && nextoffnum != ctx.offnum)
546+
if (nextblkno == ctx.blkno && nextoffnum != ctx.offnum &&
547+
nextoffnum >= FirstOffsetNumber && nextoffnum <= maxoff)
547548
successor[ctx.offnum] = nextoffnum;
548549
}
549550

@@ -665,15 +666,18 @@ verify_heapam(PG_FUNCTION_ARGS)
665666
* tuple should be marked as a heap-only tuple. Conversely, if the
666667
* current tuple isn't marked as HOT-updated, then the next tuple
667668
* shouldn't be marked as a heap-only tuple.
669+
*
670+
* NB: Can't use HeapTupleHeaderIsHotUpdated() as it checks if
671+
* hint bits indicate xmin/xmax aborted.
668672
*/
669-
if (!HeapTupleHeaderIsHotUpdated(curr_htup) &&
673+
if (!(curr_htup->t_infomask2 & HEAP_HOT_UPDATED) &&
670674
HeapTupleHeaderIsHeapOnly(next_htup))
671675
{
672676
report_corruption(&ctx,
673677
psprintf("non-heap-only update produced a heap-only tuple at offset %u",
674678
(unsigned) nextoffnum));
675679
}
676-
if (HeapTupleHeaderIsHotUpdated(curr_htup) &&
680+
if ((curr_htup->t_infomask2 & HEAP_HOT_UPDATED) &&
677681
!HeapTupleHeaderIsHeapOnly(next_htup))
678682
{
679683
report_corruption(&ctx,

0 commit comments

Comments
 (0)