From f8ebab901bd27d39e1f45445eae302db628ba8e3 Mon Sep 17 00:00:00 2001 From: Alvaro Herrera Date: Thu, 8 Feb 2007 13:52:55 +0000 Subject: [PATCH] Fix reference-after-free in the new btree page split code, as reported by the buildfarm via Stefan Kaltenbrunner. Patch from Heikki Linnakangas. --- src/backend/access/nbtree/nbtinsert.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/backend/access/nbtree/nbtinsert.c b/src/backend/access/nbtree/nbtinsert.c index 7320e7cdbc..98a46ab585 100644 --- a/src/backend/access/nbtree/nbtinsert.c +++ b/src/backend/access/nbtree/nbtinsert.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/access/nbtree/nbtinsert.c,v 1.150 2007/02/08 05:05:53 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/access/nbtree/nbtinsert.c,v 1.151 2007/02/08 13:52:55 alvherre Exp $ * *------------------------------------------------------------------------- */ @@ -953,7 +953,7 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, xlrec.rightsib = BufferGetBlockNumber(rbuf); xlrec.firstright = firstright; xlrec.rnext = ropaque->btpo_next; - xlrec.level = lopaque->btpo.level; + xlrec.level = ropaque->btpo.level; rdata[0].data = (char *) &xlrec; rdata[0].len = SizeOfBtreeSplit; @@ -962,7 +962,7 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, lastrdata = &rdata[0]; /* Log downlink on non-leaf pages. */ - if (lopaque->btpo.level > 0) + if (ropaque->btpo.level > 0) { lastrdata->next = lastrdata + 1; lastrdata++; @@ -1040,8 +1040,8 @@ _bt_split(Relation rel, Buffer buf, OffsetNumber firstright, recptr = XLogInsert(RM_BTREE_ID, xlinfo, rdata); - PageSetLSN(leftpage, recptr); - PageSetTLI(leftpage, ThisTimeLineID); + PageSetLSN(origpage, recptr); + PageSetTLI(origpage, ThisTimeLineID); PageSetLSN(rightpage, recptr); PageSetTLI(rightpage, ThisTimeLineID); if (!P_RIGHTMOST(ropaque)) -- 2.40.0