Fix user-after-free bug.

Introduced by commit aea5d298362e881b13d95a48c5ae116879237389.

Patch from Amit Kapila.  Issue discovered independently by Amit Kapila
and Ashutosh Sharma.

diff --git a/src/backend/postmaster/bgworker.c b/src/backend/postmaster/bgworker.c
index 42760b92bb1a286a87cb8b2929ca8a8bdf9c89a8..10e0f88b0de49f666fda1d0c78b30aae4a092de8 100644 (file)
--- a/src/backend/postmaster/bgworker.c
+++ b/src/backend/postmaster/bgworker.c
@@ -440,12 +440,14 @@ ReportBackgroundWorkerExit(slist_mutable_iter *cur)
 {
        RegisteredBgWorker *rw;
        BackgroundWorkerSlot *slot;
+       int             notify_pid;
 
        rw = slist_container(RegisteredBgWorker, rw_lnode, cur->cur);
 
        Assert(rw->rw_shmem_slot < max_worker_processes);
        slot = &BackgroundWorkerData->slot[rw->rw_shmem_slot];
        slot->pid = rw->rw_pid;
+       notify_pid = rw->rw_worker.bgw_notify_pid;
 
        /*
         * If this worker is slated for deregistration, do that before notifying
@@ -458,8 +460,8 @@ ReportBackgroundWorkerExit(slist_mutable_iter *cur)
                rw->rw_worker.bgw_restart_time == BGW_NEVER_RESTART)
                ForgetBackgroundWorker(cur);
 
-       if (rw->rw_worker.bgw_notify_pid != 0)
-               kill(rw->rw_worker.bgw_notify_pid, SIGUSR1);
+       if (notify_pid != 0)
+               kill(notify_pid, SIGUSR1);
 }
 
 /*