Skip to content

Commit edd9a2b

Browse files
jeff-davisjeff-davis
committed
Fix assign_record_type_typmod().
If an error occurred in the wrong place, it was possible to leave an unintialized entry in the hash table, leading to a crash. Fixed. Also, be more careful about the order of operations so that an allocation error doesn't leak memory in CacheMemoryContext or unnecessarily advance NextRecordTypmod. Backpatch through version 11. Earlier versions (prior to 35ea756) do not exhibit the problem, because an uninitialized hash entry contains a valid empty list. Author: Sait Talha Nisanci <Sait.Nisanci@microsoft.com> Reviewed-by: Andres Freund Discussion: https://postgr.es/m/HE1PR8303MB009069D476225B9A9E194B8891779@HE1PR8303MB0090.EURPRD83.prod.outlook.com Backpatch-through: 11
1 parent 9fca23c commit edd9a2b

File tree

1 file changed

+23
-5
lines changed

1 file changed

+23
-5
lines changed

src/backend/utils/cache/typcache.c

Lines changed: 23 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1855,36 +1855,54 @@ assign_record_type_typmod(TupleDesc tupDesc)
18551855
CreateCacheMemoryContext();
18561856
}
18571857

1858-
/* Find or create a hashtable entry for this tuple descriptor */
1858+
/*
1859+
* Find a hashtable entry for this tuple descriptor. We don't use
1860+
* HASH_ENTER yet, because if it's missing, we need to make sure that all
1861+
* the allocations succeed before we create the new entry.
1862+
*/
18591863
recentry = (RecordCacheEntry *) hash_search(RecordCacheHash,
18601864
(void *) &tupDesc,
1861-
HASH_ENTER, &found);
1865+
HASH_FIND, &found);
18621866
if (found && recentry->tupdesc != NULL)
18631867
{
18641868
tupDesc->tdtypmod = recentry->tupdesc->tdtypmod;
18651869
return;
18661870
}
18671871

18681872
/* Not present, so need to manufacture an entry */
1869-
recentry->tupdesc = NULL;
18701873
oldcxt = MemoryContextSwitchTo(CacheMemoryContext);
18711874

18721875
/* Look in the SharedRecordTypmodRegistry, if attached */
18731876
entDesc = find_or_make_matching_shared_tupledesc(tupDesc);
18741877
if (entDesc == NULL)
18751878
{
1879+
/*
1880+
* Make sure we have room before we CreateTupleDescCopy() or advance
1881+
* NextRecordTypmod.
1882+
*/
1883+
ensure_record_cache_typmod_slot_exists(NextRecordTypmod);
1884+
18761885
/* Reference-counted local cache only. */
18771886
entDesc = CreateTupleDescCopy(tupDesc);
18781887
entDesc->tdrefcount = 1;
18791888
entDesc->tdtypmod = NextRecordTypmod++;
18801889
}
1881-
ensure_record_cache_typmod_slot_exists(entDesc->tdtypmod);
1890+
else
1891+
{
1892+
ensure_record_cache_typmod_slot_exists(entDesc->tdtypmod);
1893+
}
1894+
18821895
RecordCacheArray[entDesc->tdtypmod] = entDesc;
1883-
recentry->tupdesc = entDesc;
18841896

18851897
/* Assign a unique tupdesc identifier, too. */
18861898
RecordIdentifierArray[entDesc->tdtypmod] = ++tupledesc_id_counter;
18871899

1900+
/* Fully initialized; create the hash table entry */
1901+
recentry = (RecordCacheEntry *) hash_search(RecordCacheHash,
1902+
(void *) &tupDesc,
1903+
HASH_ENTER, NULL);
1904+
recentry->tupdesc = entDesc;
1905+
18881906
/* Update the caller's tuple descriptor. */
18891907
tupDesc->tdtypmod = entDesc->tdtypmod;
18901908

0 commit comments

Comments
 (0)