Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6088696

Browse files
committed
Prevent possible double-free when update trigger returns old tuple.
This is a variant of the problem fixed in commit25b6925, whichunfortunately we failed to detect at the time. If an update triggerreturns the "old" tuple, as it's entitled to do, then a subsequentiteration of the loop in ExecBRUpdateTriggers would have "oldtuple"equal to "trigtuple" and would fail to notice that it shouldn'tfree that.In addition to fixing the code, extend the test case added by25b6925 so that it covers multiple-trigger-iterations cases.This problem does not manifest in v12/HEAD, as a result of therelevant code having been largely rewritten for slotification.However, include the test case into v12/HEAD anyway, since thisis clearly an area that someone could break again in future.Per report from Piotr Gabriel Kosinski. Back-patch into allsupported branches, since the bug seems quite old.Diagnosis and code fix by Thomas Munro, test case by me.Discussion:https://postgr.es/m/CAFMLSdP0rd7LqC3j-H6Fh51FYSt5A10DDh-3=W4PPc4LLUQ8YQ@mail.gmail.com
1 parente3ddb11 commit6088696

File tree

3 files changed

+108
-1
lines changed

3 files changed

+108
-1
lines changed

‎src/backend/commands/trigger.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2806,7 +2806,9 @@ ExecBRUpdateTriggers(EState *estate, EPQState *epqstate,
28062806
relinfo->ri_TrigFunctions,
28072807
relinfo->ri_TrigInstrument,
28082808
GetPerTupleMemoryContext(estate));
2809-
if (oldtuple!=newtuple&&oldtuple!=slottuple)
2809+
if (oldtuple!=newtuple&&
2810+
oldtuple!=slottuple&&
2811+
oldtuple!=trigtuple)
28102812
heap_freetuple(oldtuple);
28112813
if (newtuple==NULL)
28122814
{

‎src/test/regress/expected/triggers.out

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -158,6 +158,76 @@ select * from trigtest;
158158
----+----
159159
(0 rows)
160160

161+
-- Also check what happens when such a trigger runs before or after others
162+
create function f1_times_10() returns trigger as
163+
$$ begin new.f1 := new.f1 * 10; return new; end $$ language plpgsql;
164+
create trigger trigger_alpha
165+
before insert or update on trigtest
166+
for each row execute procedure f1_times_10();
167+
insert into trigtest values(1, 'foo');
168+
select * from trigtest;
169+
f1 | f2
170+
----+-----
171+
10 | foo
172+
(1 row)
173+
174+
update trigtest set f2 = f2 || 'bar';
175+
select * from trigtest;
176+
f1 | f2
177+
----+-----
178+
10 | foo
179+
(1 row)
180+
181+
delete from trigtest;
182+
select * from trigtest;
183+
f1 | f2
184+
----+----
185+
(0 rows)
186+
187+
create trigger trigger_zed
188+
before insert or update on trigtest
189+
for each row execute procedure f1_times_10();
190+
insert into trigtest values(1, 'foo');
191+
select * from trigtest;
192+
f1 | f2
193+
-----+-----
194+
100 | foo
195+
(1 row)
196+
197+
update trigtest set f2 = f2 || 'bar';
198+
select * from trigtest;
199+
f1 | f2
200+
------+-----
201+
1000 | foo
202+
(1 row)
203+
204+
delete from trigtest;
205+
select * from trigtest;
206+
f1 | f2
207+
----+----
208+
(0 rows)
209+
210+
drop trigger trigger_alpha on trigtest;
211+
insert into trigtest values(1, 'foo');
212+
select * from trigtest;
213+
f1 | f2
214+
----+-----
215+
10 | foo
216+
(1 row)
217+
218+
update trigtest set f2 = f2 || 'bar';
219+
select * from trigtest;
220+
f1 | f2
221+
-----+-----
222+
100 | foo
223+
(1 row)
224+
225+
delete from trigtest;
226+
select * from trigtest;
227+
f1 | f2
228+
----+----
229+
(0 rows)
230+
161231
drop table trigtest;
162232
create sequence ttdummy_seq increment 10 start 0 minvalue 0;
163233
create table tttest (

‎src/test/regress/sql/triggers.sql

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,41 @@ select * from trigtest;
145145
deletefrom trigtest;
146146
select*from trigtest;
147147

148+
-- Also check what happens when such a trigger runs before or after others
149+
createfunctionf1_times_10() returns triggeras
150+
$$beginnew.f1 :=new.f1*10; return new; end $$ language plpgsql;
151+
152+
createtriggertrigger_alpha
153+
before insertorupdateon trigtest
154+
for each row execute procedure f1_times_10();
155+
156+
insert into trigtestvalues(1,'foo');
157+
select*from trigtest;
158+
update trigtestset f2= f2||'bar';
159+
select*from trigtest;
160+
deletefrom trigtest;
161+
select*from trigtest;
162+
163+
createtriggertrigger_zed
164+
before insertorupdateon trigtest
165+
for each row execute procedure f1_times_10();
166+
167+
insert into trigtestvalues(1,'foo');
168+
select*from trigtest;
169+
update trigtestset f2= f2||'bar';
170+
select*from trigtest;
171+
deletefrom trigtest;
172+
select*from trigtest;
173+
174+
droptrigger trigger_alphaon trigtest;
175+
176+
insert into trigtestvalues(1,'foo');
177+
select*from trigtest;
178+
update trigtestset f2= f2||'bar';
179+
select*from trigtest;
180+
deletefrom trigtest;
181+
select*from trigtest;
182+
148183
droptable trigtest;
149184

150185
createsequencettdummy_seq increment10 start0 minvalue0;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp