From 90f1ba7ecf01f063c0e113c72afcf8c1a64ca285 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Fri, 1 Feb 2019 10:35:58 +0900 Subject: [PATCH] Fix use of dangling pointer in heap_delete() when logging replica identity When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE records include references of the old tuple. Its data is stored in an intermediate variable used to register this information for the WAL record, but this variable gets away from the stack when the record gets actually inserted. Spotted by clang's AddressSanitizer. Author: Stas Kelvish Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru Backpatch-through: 9.4 --- src/backend/access/heap/heapam.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index ca6525154b..c242f49752 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -3042,6 +3042,7 @@ l1: if (RelationNeedsWAL(relation)) { xl_heap_delete xlrec; + xl_heap_header xlhdr; XLogRecPtr recptr; /* For logical decode we need combocids to properly decode the catalog */ @@ -3072,8 +3073,6 @@ l1: */ if (old_key_tuple != NULL) { - xl_heap_header xlhdr; - xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2; xlhdr.t_infomask = old_key_tuple->t_data->t_infomask; xlhdr.t_hoff = old_key_tuple->t_data->t_hoff; -- 2.50.0