Fix dangling pointer problem in ReorderBufferSerializeChange.

Commit 3fe3511d05127cc024b221040db2eeb352e7d716 introduced a new
case into this function, but neglected to ensure that the "ondisk"
pointer got updated after a possible reallocation as the code does
in other cases.

Stas Kelvich, per diagnosis by Konstantin Knizhnik.

diff --git a/src/backend/replication/logical/reorderbuffer.c b/src/backend/replication/logical/reorderbuffer.c
index 43b584cf7e2d771dc697590de0438d22e926c795..0fdb7fb8f73a6485b415c1abccb32ef2883245ff 100644 (file)
--- a/src/backend/replication/logical/reorderbuffer.c
+++ b/src/backend/replication/logical/reorderbuffer.c
@@ -2252,6 +2252,9 @@ ReorderBufferSerializeChange(ReorderBuffer *rb, ReorderBufferTXN *txn,
 
                                data = ((char *) rb->outbuf) + sizeof(ReorderBufferDiskChange);
 
+                               /* might have been reallocated above */
+                               ondisk = (ReorderBufferDiskChange *) rb->outbuf;
+
                                /* write the prefix including the size */
                                memcpy(data, &prefix_size, sizeof(Size));
                                data += sizeof(Size);