From: Alvaro Herrera Date: Thu, 8 Feb 2007 13:52:55 +0000 (+0000) Subject: Fix reference-after-free in the new btree page split code, as reported by X-Git-Tag: REL8_3_BETA1~1284 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f8ebab901bd27d39e1f45445eae302db628ba8e3;p=postgresql Fix reference-after-free in the new btree page split code, as reported by the buildfarm via Stefan Kaltenbrunner. Patch from Heikki Linnakangas. --- diff --git a/src/backend/access/nbtree/nbtinsert.c b/src/backend/access/nbtree/nbtinsert.c index 7320e7cdbc..98a46ab585 100644 --- a/src/backend/access/nbtree/nbtinsert.c +++ b/src/backend/access/nbtree/nbtinsert.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/access/nbtree/nbtinsert.c,v 1.150 2007/02/08 05:05:53 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/access/nbtree/nbtinsert.c,v 1.151 2007/02/08 13:52:55 alvherre Exp $ * *------------------------------------------------------------------------- */ @@ -953,7 +953,7 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, xlrec.rightsib = BufferGetBlockNumber(rbuf); xlrec.firstright = firstright; xlrec.rnext = ropaque->btpo_next; - xlrec.level = lopaque->btpo.level; + xlrec.level = ropaque->btpo.level; rdata[0].data = (char *) &xlrec; rdata[0].len = SizeOfBtreeSplit; @@ -962,7 +962,7 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, lastrdata = &rdata[0]; /* Log downlink on non-leaf pages. */ - if (lopaque->btpo.level > 0) + if (ropaque->btpo.level > 0) { lastrdata->next = lastrdata + 1; lastrdata++; @@ -1040,8 +1040,8 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, recptr = XLogInsert(RM_BTREE_ID, xlinfo, rdata); - PageSetLSN(leftpage, recptr); - PageSetTLI(leftpage, ThisTimeLineID); + PageSetLSN(origpage, recptr); + PageSetTLI(origpage, ThisTimeLineID); PageSetLSN(rightpage, recptr); PageSetTLI(rightpage, ThisTimeLineID); if (!P_RIGHTMOST(ropaque))