Skip to content

Commit 05d24cf

Browse files
michaelpqmichaelpq
committed
Fix use of dangling pointer in heap_delete() when logging replica identity
When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE records include references of the old tuple. Its data is stored in an intermediate variable used to register this information for the WAL record, but this variable gets away from the stack when the record gets actually inserted. Spotted by clang's AddressSanitizer. Author: Stas Kelvish Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru Backpatch-through: 9.4
1 parent 452253e commit 05d24cf

File tree

1 file changed

+1
-2
lines changed

1 file changed

+1
-2
lines changed

src/backend/access/heap/heapam.c

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2938,6 +2938,7 @@ heap_delete(Relation relation, ItemPointer tid,
29382938
if (RelationNeedsWAL(relation))
29392939
{
29402940
xl_heap_delete xlrec;
2941+
xl_heap_header xlhdr;
29412942
XLogRecPtr recptr;
29422943
XLogRecData rdata[4];
29432944

@@ -2967,8 +2968,6 @@ heap_delete(Relation relation, ItemPointer tid,
29672968
*/
29682969
if (old_key_tuple != NULL)
29692970
{
2970-
xl_heap_header xlhdr;
2971-
29722971
xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2;
29732972
xlhdr.t_infomask = old_key_tuple->t_data->t_infomask;
29742973
xlhdr.t_hoff = old_key_tuple->t_data->t_hoff;

0 commit comments

Comments
 (0)