From 1605f513ad691b463baacc00e3c305655525ea07 Mon Sep 17 00:00:00 2001
From: Bertrand Drouvot <bertranddrouvot.pg@gmail.com>
Date: Mon, 31 Mar 2025 07:02:34 +0000
Subject: [PATCH v1] Fix heap-use-after-free in
 pgstat_fetch_stat_backend_by_pid()

With stats_fetch_consistency set to snapshot, the beentry is reset during
the pgstat_fetch_stat_backend() call. So move this call to the end of
pgstat_fetch_stat_backend_by_pid().

Reported-by: Alexander Lakhin <exclusion@gmail.com>
---
 src/backend/utils/activity/pgstat_backend.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 100.0% src/backend/utils/activity/

diff --git a/src/backend/utils/activity/pgstat_backend.c b/src/backend/utils/activity/pgstat_backend.c
index 187c5c76e1e..ec95c302af8 100644
--- a/src/backend/utils/activity/pgstat_backend.c
+++ b/src/backend/utils/activity/pgstat_backend.c
@@ -133,10 +133,6 @@ pgstat_fetch_stat_backend_by_pid(int pid, BackendType *bktype)
 	if (!pgstat_tracks_backend_bktype(beentry->st_backendType))
 		return NULL;
 
-	backend_stats = pgstat_fetch_stat_backend(procNumber);
-	if (!backend_stats)
-		return NULL;
-
 	/* if PID does not match, leave */
 	if (beentry->st_procpid != pid)
 		return NULL;
@@ -144,6 +140,10 @@ pgstat_fetch_stat_backend_by_pid(int pid, BackendType *bktype)
 	if (bktype)
 		*bktype = beentry->st_backendType;
 
+	backend_stats = pgstat_fetch_stat_backend(procNumber);
+	if (!backend_stats)
+		return NULL;
+
 	return backend_stats;
 }
 
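Review bot: The relocated `pgstat_fetch_stat_backend()` call now runs after `*bktype` has already been written, so on the `!backend_stats` path the out-parameter is populated even though the function returns NULL, which the previous ordering never did; whether any caller reads `*bktype` after a NULL return is not visible here, so this may or may not matter. If the old "written only on success" contract should be kept, cache the type before the fetch and store it afterwards: `BackendType type = beentry->st_backendType;` in place of the two `bktype` lines, then `if (bktype) *bktype = type;` after the NULL check — reading `beentry` again after the fetch would reintroduce the use-after-free the patch fixes. Nothing in the code records why the fetch must be last, so a future reorder could regress silently; a comment above the call such as `/* Must stay last: with stats_fetch_consistency = snapshot this call resets beentry, so no beentry field may be read after it. */` (per the commit message) would protect it. As written, `if (!backend_stats) return NULL;` followed by `return backend_stats;` is redundant and could collapse to `return pgstat_fetch_stat_backend(procNumber);`. The function's body starts outside the hunk.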
-- 
2.34.1

