XLogInsert() of dangling pointer while logging replica identity

Started by Stas Kelvichabout 7 years ago3 messageshackers

s.kelvich@postgrespro.ru

about 7 years ago

Hi, hackers.

It seems that heapam.c:3082 calls XLogRegisterData() with an argument
allocated on stack, but following call to XLogInsert() happens after
end of context for that variable.
Issue spotted by clang's AddressSanitizer. Fix attached.

--
Stas Kelvich
Postgres Professional: http://www.postgrespro.com
The Russian Postgres Company

Michael Paquier

michael@paquier.xyz

about 7 years ago

In reply to: Stas Kelvich (#1)

Re: XLogInsert() of dangling pointer while logging replica identity

On Thu, Jan 31, 2019 at 11:51:36PM +0300, Stas Kelvich wrote:

It seems that heapam.c:3082 calls XLogRegisterData() with an argument
allocated on stack, but following call to XLogInsert() happens after
end of context for that variable.
Issue spotted by clang's AddressSanitizer. Fix attached.

Oh, good catch. Committed and back-patched down to 9.4.
--
Michael

Andres Freund

andres@anarazel.de

about 7 years ago

In reply to: Michael Paquier (#2)

Re: XLogInsert() of dangling pointer while logging replica identity

On 2019-02-01 10:38:49 +0900, Michael Paquier wrote:

On Thu, Jan 31, 2019 at 11:51:36PM +0300, Stas Kelvich wrote:

It seems that heapam.c:3082 calls XLogRegisterData() with an argument
allocated on stack, but following call to XLogInsert() happens after
end of context for that variable.
Issue spotted by clang's AddressSanitizer. Fix attached.

Oh, good catch. Committed and back-patched down to 9.4.

Thanks Stas and Michael!

XLogInsert() of dangling pointer while logging replica identity

Attachments: