Skip to content

Commit fc7a38f

Browse files
hlinnakahlinnaka
committed
Fix snapshot leak if lo_open called on non-existent object.
lo_open registers the currently active snapshot, and checks if the large object exists after that. Normally, snapshots registered by lo_open are unregistered at end of transaction when the lo descriptor is closed, but if we error out before the lo descriptor is added to the list of open descriptors, it is leaked. Fix by moving the snapshot registration to after checking if the large object exists. Reported by Pavel Stehule. Backpatch to 8.4. The snapshot registration system was introduced in 8.4, so prior versions are not affected (and not supported, anyway).
1 parent 59d30d9 commit fc7a38f

File tree

1 file changed

+26
-18
lines changed

1 file changed

+26
-18
lines changed

src/backend/storage/large_object/inv_api.c

Lines changed: 26 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -239,39 +239,47 @@ LargeObjectDesc *
239239
inv_open(Oid lobjId, int flags, MemoryContext mcxt)
240240
{
241241
LargeObjectDesc *retval;
242-
243-
retval = (LargeObjectDesc *) MemoryContextAlloc(mcxt,
244-
sizeof(LargeObjectDesc));
245-
246-
retval->id = lobjId;
247-
retval->subid = GetCurrentSubTransactionId();
248-
retval->offset = 0;
242+
Snapshot snapshot = NULL;
243+
int descflags = 0;
249244

250245
if (flags & INV_WRITE)
251246
{
252-
retval->snapshot = SnapshotNow;
253-
retval->flags = IFS_WRLOCK | IFS_RDLOCK;
247+
snapshot = SnapshotNow;
248+
descflags = IFS_WRLOCK | IFS_RDLOCK;
254249
}
255250
else if (flags & INV_READ)
256251
{
257-
/*
258-
* We must register the snapshot in TopTransaction's resowner, because
259-
* it must stay alive until the LO is closed rather than until the
260-
* current portal shuts down.
261-
*/
262-
retval->snapshot = RegisterSnapshotOnOwner(GetActiveSnapshot(),
263-
TopTransactionResourceOwner);
264-
retval->flags = IFS_RDLOCK;
252+
snapshot = GetActiveSnapshot();
253+
descflags = IFS_RDLOCK;
265254
}
266255
else
267256
elog(ERROR, "invalid flags: %d", flags);
268257

269258
/* Can't use LargeObjectExists here because it always uses SnapshotNow */
270-
if (!myLargeObjectExists(lobjId, retval->snapshot))
259+
if (!myLargeObjectExists(lobjId, snapshot))
271260
ereport(ERROR,
272261
(errcode(ERRCODE_UNDEFINED_OBJECT),
273262
errmsg("large object %u does not exist", lobjId)));
274263

264+
/*
265+
* We must register the snapshot in TopTransaction's resowner, because
266+
* it must stay alive until the LO is closed rather than until the
267+
* current portal shuts down. Do this after checking that the LO exists,
268+
* to avoid leaking the snapshot if an error is thrown.
269+
*/
270+
if (snapshot != SnapshotNow)
271+
snapshot = RegisterSnapshotOnOwner(snapshot,
272+
TopTransactionResourceOwner);
273+
274+
/* All set, create a descriptor */
275+
retval = (LargeObjectDesc *) MemoryContextAlloc(mcxt,
276+
sizeof(LargeObjectDesc));
277+
retval->id = lobjId;
278+
retval->subid = GetCurrentSubTransactionId();
279+
retval->offset = 0;
280+
retval->snapshot = snapshot;
281+
retval->flags = descflags;
282+
275283
return retval;
276284
}
277285

0 commit comments

Comments
 (0)