From: Robert Haas Date: Wed, 28 Sep 2016 15:19:46 +0000 (-0400) Subject: Fix dangling pointer problem in ReorderBufferSerializeChange. X-Git-Tag: REL_10_BETA1~1660 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=308985b0b404a5891a1a629f38cc46c2b2dcb4be;p=postgresql Fix dangling pointer problem in ReorderBufferSerializeChange. Commit 3fe3511d05127cc024b221040db2eeb352e7d716 introduced a new case into this function, but neglected to ensure that the "ondisk" pointer got updated after a possible reallocation as the code does in other cases. Stas Kelvich, per diagnosis by Konstantin Knizhnik. --- diff --git a/src/backend/replication/logical/reorderbuffer.c b/src/backend/replication/logical/reorderbuffer.c index 9b430b9acb..e2a502c443 100644 --- a/src/backend/replication/logical/reorderbuffer.c +++ b/src/backend/replication/logical/reorderbuffer.c @@ -2250,6 +2250,9 @@ ReorderBufferSerializeChange(ReorderBuffer *rb, ReorderBufferTXN *txn, data = ((char *) rb->outbuf) + sizeof(ReorderBufferDiskChange); + /* might have been reallocated above */ + ondisk = (ReorderBufferDiskChange *) rb->outbuf; + /* write the prefix including the size */ memcpy(data, &prefix_size, sizeof(Size)); data += sizeof(Size);
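
Review bot: The new `ondisk = (ReorderBufferDiskChange *) rb->outbuf;` assignment, placed right after `data` is computed from `rb->outbuf`, repeats a per-case convention that the commit message says was already forgotten once when this case was introduced. Consider re-deriving `ondisk` from `rb->outbuf` in a single place after every case has finished growing the buffer, so that a case added later cannot leave the pointer stale and write through freed memory. The comment "might have been reallocated above" would also help more if it named the call that can reallocate `rb->outbuf`, since that call is not next to the assignment.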