summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRichard Guo <rguo@postgresql.org>2025-02-19 11:05:35 +0900
committerRichard Guo <rguo@postgresql.org>2025-02-19 11:16:10 +0900
commita38a7ad51ec8dc558d71806d7f1aee986723ccbc (patch)
tree16ea0fe297f270c22073947e8c796f1481a68ddc /src
parente9c95c6d3616f4c106df763067fc40b0ca6efbd4 (diff)
Fix unsafe access to BufferDescriptors
When considering a local buffer, the GetBufferDescriptor() call in BufferGetLSNAtomic() would be retrieving a shared buffer with a bad buffer ID. Since the code checks whether the buffer is shared before using the retrieved BufferDesc, this issue did not lead to any malfunction. Nonetheless this seems like trouble waiting to happen, so fix it by ensuring that GetBufferDescriptor() is only called when we know the buffer is shared. Author: Tender Wang <tndrwang@gmail.com> Reviewed-by: Xuneng Zhou <xunengzhou@gmail.com> Reviewed-by: Richard Guo <guofenglinux@gmail.com> Discussion: https://postgr.es/m/CAHewXNku-o46-9cmUgyv6LkSZ25doDrWq32p=oz9kfD8ovVJMg@mail.gmail.com Backpatch-through: 13
Diffstat (limited to 'src')
-rw-r--r--src/backend/storage/buffer/bufmgr.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/storage/buffer/bufmgr.c b/src/backend/storage/buffer/bufmgr.c
index 69a14016547..92eeb72dd73 100644
--- a/src/backend/storage/buffer/bufmgr.c
+++ b/src/backend/storage/buffer/bufmgr.c
@@ -2897,8 +2897,8 @@ BufferIsPermanent(Buffer buffer)
XLogRecPtr
BufferGetLSNAtomic(Buffer buffer)
{
- BufferDesc *bufHdr = GetBufferDescriptor(buffer - 1);
char *page = BufferGetPage(buffer);
+ BufferDesc *bufHdr;
XLogRecPtr lsn;
uint32 buf_state;
@@ -2912,6 +2912,7 @@ BufferGetLSNAtomic(Buffer buffer)
Assert(BufferIsValid(buffer));
Assert(BufferIsPinned(buffer));
+ bufHdr = GetBufferDescriptor(buffer - 1);
buf_state = LockBufHdr(bufHdr);
lsn = PageGetLSN(page);
UnlockBufHdr(bufHdr, buf_state);
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-04 06:02:53 +0000