mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-08-23 09:30:40 +02:00
3f074845a8
GiST's getNextNearest() function attempts to pfree the previously-returned tuple if any (that is, scan->xs_hitup in HEAD, or scan->xs_itup in older branches). However, if we are rescanning a plan node after ending a previous scan early, those tuple pointers could be pointing to garbage, because they would be pointing into the scan's pageDataCxt or queueCxt which has been reset. In a debug build this reliably results in a crash, although I think it might sometimes accidentally fail to fail in production builds. To fix, clear the pointer field anyplace we reset a context it might be pointing into. This may be overkill --- I think probably only the queueCxt case is involved in this bug, so that resetting in gistrescan() would be sufficient --- but dangling pointers are generally bad news, so let's avoid them. Another plausible answer might be to just not bother with the pfree in getNextNearest(). The reconstructed tuples would go away anyway in the context resets, and I'm far from convinced that freeing them a bit earlier really saves anything meaningful. I'll stick with the original logic in this patch, but if we find more problems in the same area we should consider that approach. Per bug #14641 from Denis Smirnov. Back-patch to 9.5 where this logic was introduced. Discussion: https://postgr.es/m/20170504072034.24366.57688@wrigleys.postgresql.org |
||
|---|---|---|
| .. | ||
| data | ||
| expected | ||
| input | ||
| output | ||
| sql | ||
| .gitignore | ||
| GNUmakefile | ||
| Makefile | ||
| parallel_schedule | ||
| pg_regress_main.c | ||
| pg_regress.c | ||
| pg_regress.h | ||
| README | ||
| regress.c | ||
| regressplans.sh | ||
| resultmap | ||
| serial_schedule | ||
| standby_schedule | ||
Documentation concerning how to run these regression tests and interpret the results can be found in the PostgreSQL manual, in the chapter "Regression Tests".