granicus.if.org Git - postgresql/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 8 Nov 2017 21:50:13 +0000 (16:50 -0500)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 8 Nov 2017 21:50:13 +0000 (16:50 -0500)
commit	442bc4160caee01579f5c112c23d9bb5f121f6b6
tree	834de89f501d14daa35065b951ca295808e0c26b	tree \| snapshot
parent	e836502d64ba7fc936d8c273125e4ac298773e76	commit \| diff

Fix two violations of the ResourceOwnerEnlarge/Remember protocol.

The point of having separate ResourceOwnerEnlargeFoo and
ResourceOwnerRememberFoo functions is so that resource allocation
can happen in between.  Doing it in some other order is just wrong.

OpenTemporaryFile() did open(), enlarge, remember, which would leak the
open file if the enlarge step ran out of memory.  Because fd.c has its own
layer of resource-remembering, the consequences look like they'd be limited
to an intratransaction FD leak, but it's still not good.

IncrBufferRefCount() did enlarge, remember, incr-refcount, which would blow
up if the incr-refcount step ever failed.  It was safe enough when written,
but since the introduction of PrivateRefCountHash, I think the assumption
that no error could happen there is pretty shaky.

The odds of real problems from either bug are probably small, but still,
back-patch to supported branches.

Thomas Munro and Tom Lane, per a comment from Andres Freund

src/backend/storage/buffer/bufmgr.c		diff \| blob \| history
src/backend/storage/file/fd.c		diff \| blob \| history