NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit87fed2a

committed

Fix dangling pointer in EvalPlanQual machinery.

EvalPlanQualStart() supposed that it could re-use the relsubs_rowmarkand relsubs_done arrays from a prior instantiation. But since they areallocated in the es_query_cxt of the recheckestate, that's just wrong;EvalPlanQualEnd() will blow away that storage. Therefore we were usingstorage that could have been reallocated to something else, causing allsorts of havoc.I think this was modeled on the old code's handling of es_epqTupleSlot,but since the code was anyway clearing the arrays at re-use, there'sclearly no expectation of importing any outside state. So it's justa dubious savings of a couple of pallocs, which is negligible comparedto setting up a new planstate tree. Therefore, just allocate thearrays always. (I moved the allocations slightly for readability.)In principle this bug could cause a problem whenever EPQ rechecks areneeded in more than one target table of a ModifyTable plan node.In practice it seems not quite so easy to trigger as that; I couldn'treadily duplicate a crash with a partitioned target table, for instance.That's probably down to incidental choices about when to free orreallocate stuff. The added isolation test case does seem to reliablyshow an assertion failure, though.Per report from Oleksii Kliukin. Back-patch to v12 where the bug wasintroduced (evidently by commit3fb307b).Discussion:https://postgr.es/m/EEF05F66-2871-4786-992B-5F45C92FEE2E@hintbits.com

1 parentf9d0be2 commit87fed2aCopy full SHA for 87fed2a

File tree

3 files changed

+22

-23

lines changed

src
- backend/executor
  - execMain.c
- test/isolation
  - expected
    - eval-plan-qual.out
  - specs
    - eval-plan-qual.spec

3 files changed

+22

-23

lines changed

`‎src/backend/executor/execMain.c`

Lines changed: 11 additions & 23 deletions

Original file line number	Diff line number	Diff line change
`@@ -2891,40 +2891,26 @@ EvalPlanQualStart(EPQState epqstate, Plan planTree)`
`2891`	`2891`	`subplanstate);`
`2892`	`2892`	`}`
`2893`	`2893`
`2894`		`-/*`
`2895`		`- * These arrays are reused across different plans set with`
`2896`		`- * EvalPlanQualSetPlan(), which is safe because they all use the same`
`2897`		`- * parent EState. Therefore we can reuse if already allocated.`
`2898`		`- */`
`2899`		`-if (epqstate->relsubs_rowmark==NULL)`
`2900`		`-{`
`2901`		`-Assert(epqstate->relsubs_done==NULL);`
`2902`		`-epqstate->relsubs_rowmark= (ExecAuxRowMark**)`
`2903`		`-palloc0(rtsizesizeof(ExecAuxRowMark));`
`2904`		`-epqstate->relsubs_done= (bool*)`
`2905`		`-palloc0(rtsize*sizeof(bool));`
`2906`		`-}`
`2907`		`-else`
`2908`		`-{`
`2909`		`-Assert(epqstate->relsubs_done!=NULL);`
`2910`		`-memset(epqstate->relsubs_rowmark,0,`
`2911`		`-rtsizesizeof(ExecAuxRowMark));`
`2912`		`-memset(epqstate->relsubs_done,0,`
`2913`		`-rtsize*sizeof(bool));`
`2914`		`-}`
`2915`		`-`
`2916`	`2894`	`/*`
`2917`	`2895`	`* Build an RTI indexed array of rowmarks, so that`
`2918`	`2896`	`* EvalPlanQualFetchRowMark() can efficiently access the to be fetched`
`2919`	`2897`	`* rowmark.`
`2920`	`2898`	`*/`
	`2899`	`+epqstate->relsubs_rowmark= (ExecAuxRowMark**)`
	`2900`	`+palloc0(rtsizesizeof(ExecAuxRowMark));`
`2921`	`2901`	`foreach(l,epqstate->arowMarks)`
`2922`	`2902`	`{`
`2923`	`2903`	`ExecAuxRowMarkearm= (ExecAuxRowMark)lfirst(l);`
`2924`	`2904`
`2925`	`2905`	`epqstate->relsubs_rowmark[earm->rowmark->rti-1]=earm;`
`2926`	`2906`	`}`
`2927`	`2907`
	`2908`	`+/*`
	`2909`	`+ * Initialize per-relation EPQ tuple states to not-fetched.`
	`2910`	`+ */`
	`2911`	`+epqstate->relsubs_done= (bool*)`
	`2912`	`+palloc0(rtsize*sizeof(bool));`
	`2913`	`+`
`2928`	`2914`	`/*`
`2929`	`2915`	`* Initialize the private state information for all the nodes in the part`
`2930`	`2916`	`* of the plan tree we need to run. This opens files, allocates storage`
`@@ -2993,7 +2979,9 @@ EvalPlanQualEnd(EPQState *epqstate)`
`2993`	`2979`	`FreeExecutorState(estate);`
`2994`	`2980`
`2995`	`2981`	`/* Mark EPQState idle */`
	`2982`	`+epqstate->origslot=NULL;`
`2996`	`2983`	`epqstate->recheckestate=NULL;`
`2997`	`2984`	`epqstate->recheckplanstate=NULL;`
`2998`		`-epqstate->origslot=NULL;`
	`2985`	`+epqstate->relsubs_rowmark=NULL;`
	`2986`	`+epqstate->relsubs_done=NULL;`
`2999`	`2987`	`}`

`‎src/test/isolation/expected/eval-plan-qual.out`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -673,6 +673,13 @@ a b c`
`673`	`673`	`2 3 0`
`674`	`674`	`step c2: COMMIT;`
`675`	`675`
	`676`	`+starting permutation: writep3a writep3b c1 c2`
	`677`	`+step writep3a: UPDATE p SET b = -b WHERE c = 0;`
	`678`	`+step writep3b: UPDATE p SET b = -b WHERE c = 0; <waiting ...>`
	`679`	`+step c1: COMMIT;`
	`680`	`+step writep3b: <... completed>`
	`681`	`+step c2: COMMIT;`
	`682`	`+`
`676`	`683`	`starting permutation: wx2 partiallock c2 c1 read`
`677`	`684`	`step wx2: UPDATE accounts SET balance = balance + 450 WHERE accountid = 'checking' RETURNING balance;`
`678`	`685`	`balance`

`‎src/test/isolation/specs/eval-plan-qual.spec`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -97,10 +97,12 @@ step "upsert1"{`
`97`	`97`	`# readp1/writep1/readp2 tests a bug where nodeLockRows did the wrong thing`
`98`	`98`	`# when the first updated tuple was in a non-first child table.`
`99`	`99`	`# writep2/returningp1 tests a memory allocation issue`
	`100`	`+# writep3a/writep3b tests updates touching more than one table`
`100`	`101`
`101`	`102`	`step"readp1"{SELECTtableoid::regclass,ctid,*FROMpWHEREbIN (0,1)ANDc=0FORUPDATE; }`
`102`	`103`	`step"writep1"{UPDATEpSETb=-1WHEREa=1ANDb=1ANDc=0; }`
`103`	`104`	`step"writep2"{UPDATEpSETb=-bWHEREa=1ANDc=0; }`
	`105`	`+step"writep3a"{UPDATEpSETb=-bWHEREc=0; }`
`104`	`106`	`step"c1"{COMMIT; }`
`105`	`107`	`step"r1"{ROLLBACK; }`
`106`	`108`
`@@ -203,6 +205,7 @@ step "returningp1" {`
`203`	`205`	`WITHuAS (UPDATEpSETb=bWHEREa>0RETURNING* )`
`204`	`206`	`SELECT*FROMu;`
`205`	`207`	`}`
	`208`	`+step"writep3b"{UPDATEpSETb=-bWHEREc=0; }`
`206`	`209`	`step"readforss"{`
`207`	`210`	`SELECTta.idASta_id,ta.valueASta_value,`
`208`	`211`	`(SELECTROW(tb.id,tb.value)`
`@@ -338,6 +341,7 @@ permutation "wx1" "delwctefail" "c1" "c2" "read"`
`338`	`341`	`permutation"upsert1""upsert2""c1""c2""read"`
`339`	`342`	`permutation"readp1""writep1""readp2""c1""c2"`
`340`	`343`	`permutation"writep2""returningp1""c1""c2"`
	`344`	`+permutation"writep3a""writep3b""c1""c2"`
`341`	`345`	`permutation"wx2""partiallock""c2""c1""read"`
`342`	`346`	`permutation"wx2""lockwithvalues""c2""c1""read"`
`343`	`347`	`permutation"wx2_ext""partiallock_ext""c2""c1""read_ext"`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit87fed2a

File tree

3 files changed

3 files changed

`‎src/backend/executor/execMain.c`

`‎src/test/isolation/expected/eval-plan-qual.out`

`‎src/test/isolation/specs/eval-plan-qual.spec`

0 commit comments