Fix memory lifetime issues of replication slot stats.

When accessing replication slot stats, introduced in 9868167500, pgstat_read_statsfiles() reads the data into newly allocated memory. Unfortunately the current memory context at that point is the callers, leading to leaks and use-after-free dangers. The fix is trivial, explicitly use pgStatLocalContext. There's some potential for further improvements, but that's outside of the scope of this bugfix. No backpatch necessary, feature is only in HEAD. Author: Andres Freund <andres@anarazel.de> Discussion: https://postgr.es/m/20210317230447.c7uc4g3vbs4wi32i@alap3.anarazel.de
2021-03-17 16:18:37 -07:00 · 2021-03-17 16:18:37 -07:00 · 5f79580ad6
parent 70945649d7
commit 5f79580ad6
3 changed files with 28 additions and 1 deletions
--- a/contrib/test_decoding/expected/stats.out
+++ b/contrib/test_decoding/expected/stats.out
@ -101,6 +101,22 @@ SELECT slot_name, spill_txns > 0 AS spill_txns, spill_count > 0 AS spill_count F
 regression_slot | t          | t
 (1 row)

+-- Ensure stats can be repeatedly accessed using the same stats snapshot. See
+-- https://postgr.es/m/20210317230447.c7uc4g3vbs4wi32i%40alap3.anarazel.de
+BEGIN;
+SELECT slot_name FROM pg_stat_replication_slots;
+    slot_name    
+-----------------
+ regression_slot
+(1 row)
+
+SELECT slot_name FROM pg_stat_replication_slots;
+    slot_name    
+-----------------
+ regression_slot
+(1 row)
+
+COMMIT;
 DROP FUNCTION wait_for_decode_stats(bool);
 DROP TABLE stats_test;
 SELECT pg_drop_replication_slot('regression_slot');
--- a/contrib/test_decoding/sql/stats.sql
+++ b/contrib/test_decoding/sql/stats.sql
@ -59,6 +59,13 @@ SELECT count(*) FROM pg_logical_slot_peek_changes('regression_slot', NULL, NULL,
 SELECT wait_for_decode_stats(false);
 SELECT slot_name, spill_txns > 0 AS spill_txns, spill_count > 0 AS spill_count FROM pg_stat_replication_slots;

+-- Ensure stats can be repeatedly accessed using the same stats snapshot. See
+-- https://postgr.es/m/20210317230447.c7uc4g3vbs4wi32i%40alap3.anarazel.de
+BEGIN;
+SELECT slot_name FROM pg_stat_replication_slots;
+SELECT slot_name FROM pg_stat_replication_slots;
+COMMIT;
+
 DROP FUNCTION wait_for_decode_stats(bool);
 DROP TABLE stats_test;
 SELECT pg_drop_replication_slot('regression_slot');
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@ -5568,7 +5568,9 @@ pgstat_read_statsfiles(Oid onlydb, bool permanent, bool deep)
 						 HASH_ELEM | HASH_BLOBS | HASH_CONTEXT);

 	/* Allocate the space for replication slot statistics */
-	replSlotStats = palloc0(max_replication_slots * sizeof(PgStat_ReplSlotStats));
+	replSlotStats = MemoryContextAllocZero(pgStatLocalContext,
+										   max_replication_slots
+										   * sizeof(PgStat_ReplSlotStats));
 	nReplSlotStats = 0;

 	/*
@ -6323,6 +6325,8 @@ pgstat_clear_snapshot(void)
 	pgStatDBHash = NULL;
 	localBackendStatusTable = NULL;
 	localNumBackends = 0;
+	replSlotStats = NULL;
+	nReplSlotStats = 0;
 }