]> granicus.if.org Git - postgresql/commitdiff
projects / postgresql / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 10c0558)
Fix crash bug in RestoreSnapshot.
authorRobert Haas <rhaas@postgresql.org>
Fri, 1 Jul 2016 12:51:58 +0000 (08:51 -0400)
committerRobert Haas <rhaas@postgresql.org>
Fri, 1 Jul 2016 13:04:11 +0000 (09:04 -0400)
If serialized_snapshot->subxcnt > 0 and serialized_snapshot->xcnt == 0,
the old coding would do the wrong thing and crash.  This can happen
on standby servers.

Report by Andreas Seltenreich.  Patch by Thomas Munro, reviewed by
Amit Kapila and tested by Andreas Seltenreich.

src/backend/utils/time/snapmgr.c patch | blob | history

diff --git a/src/backend/utils/time/snapmgr.c b/src/backend/utils/time/snapmgr.c
index dfe2c703960e7c293f9f7ad820a7df262a13afdd..e1caf01c603b4b0559086dc8960a29f38b100f23 100644 (file)
--- a/src/backend/utils/time/snapmgr.c
+++ b/src/backend/utils/time/snapmgr.c
@@ -2016,7 +2016,8 @@ RestoreSnapshot(char *start_address)
        /* Copy SubXIDs, if present. */
        if (serialized_snapshot->subxcnt > 0)
        {
-               snapshot->subxip = snapshot->xip + serialized_snapshot->xcnt;
+               snapshot->subxip = ((TransactionId *) (snapshot + 1)) +
+                       serialized_snapshot->xcnt;
                memcpy(snapshot->subxip, serialized_xids + serialized_snapshot->xcnt,
                           serialized_snapshot->subxcnt * sizeof(TransactionId));
        }
Unnamed repository; edit this file 'description' to name the repository.