granicus.if.org Git - postgresql/commit

author	Andres Freund <andres@anarazel.de>
	Tue, 18 Jun 2019 22:51:04 +0000 (15:51 -0700)
committer	Andres Freund <andres@anarazel.de>
	Tue, 18 Jun 2019 22:51:04 +0000 (15:51 -0700)
commit	23224563d97913aa824d04c498d59ad4d85fda38
tree	9bec0b63d91c70997d72e1167cedec1ec8d91e3b	tree \| snapshot
parent	8b21b416ed621501db3be38817c298c57470524f	commit \| diff

Fix memory corruption/crash in ANALYZE.

This fixes an embarrassing oversight I (Andres) made in 737a292b,
namely missing two place where liverows/deadrows were used when
converting those variables to pointers, leading to incrementing the
pointer, rather than the value.

It's not that actually that easy to trigger a crash: One needs tuples
deleted by the current transaction, followed by a tuple deleted in
another session, all in one page. Which is presumably why this hasn't
been noticed before.

Reported-By: Steve Singer
Author: Steve Singer
Discussion: https://postgr.es/m/c7988239-d42c-ddc4-41db-171b23b35e4f@ssinger.info

src/backend/access/heap/heapam_handler.c		diff \| blob \| history
src/test/regress/expected/vacuum.out		diff \| blob \| history
src/test/regress/sql/vacuum.sql		diff \| blob \| history