Quick Links

Re: [COMMITTERS] pgsql: Fix failure due to accessing an

From:	Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>
To:	tgl(at)postgresql(dot)org
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: [COMMITTERS] pgsql: Fix failure due to accessing an
Date:	2007-01-18 02:20:08
Message-ID:	20070118.112008.41656133.t-ishii@sraoss.co.jp
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-committers pgsql-hackers

Tom,

Is this a fix for security hole/vulnerability?
One of our engineer claimed that double free bug itself is a
vulnerability, thus 8.2.1 release should be called as "security
release".
--
Tatsuo Ishii
SRA OSS, Inc. Japan

> Log Message:
> -----------
> Fix failure due to accessing an already-freed tuple descriptor in a plan
> involving HashAggregate over SubqueryScan (this is the known case, there
> may well be more). The bug is only latent in releases before 8.2 since they
> didn't try to access tupletable slots' descriptors during ExecDropTupleTable.
> The least bogus fix seems to be to make subqueries share the parent query's
> memory context, so that tupdescs they create will have the same lifespan as
> those of the parent query. There are comments in the code envisioning going
> even further by not having a separate child EState at all, but that will
> require rethinking executor access to range tables, which I don't want to
> tackle right now. Per bug report from Jean-Pierre Pelletier.
>
> Tags:
> ----
> REL8_2_STABLE
>
> Modified Files:
> --------------
> pgsql/src/backend/executor:
> execMain.c (r1.280 -> r1.280.2.1)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execMain.c.diff?r1=1.280&r2=1.280.2.1)
> execUtils.c (r1.140 -> r1.140.2.1)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/execUtils.c.diff?r1=1.140&r2=1.140.2.1)
> nodeSubplan.c (r1.80 -> r1.80.2.1)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubplan.c.diff?r1=1.80&r2=1.80.2.1)
> nodeSubqueryscan.c (r1.32.2.1 -> r1.32.2.2)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/executor/nodeSubqueryscan.c.diff?r1=1.32.2.1&r2=1.32.2.2)
> pgsql/src/include/executor:
> executor.h (r1.130 -> r1.130.2.1)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/executor/executor.h.diff?r1=1.130&r2=1.130.2.1)
> pgsql/src/include/nodes:
> execnodes.h (r1.161 -> r1.161.2.1)
> (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/nodes/execnodes.h.diff?r1=1.161&r2=1.161.2.1)
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
> http://archives.postgresql.org
>

In response to

pgsql: Fix failure due to accessing an already-freed tuple descriptor in at 2006-12-26 21:37:28 from Tom Lane

Responses

Re: [COMMITTERS] pgsql: Fix failure due to accessing an at 2007-01-18 16:42:20 from Tom Lane

Browse pgsql-committers by date

	From	Date	Subject
Next Message	Tatsuo Ishii	2007-01-18 13:49:53	Re: pgsql: Fix failure due to accessing an
Previous Message	Alvaro Herrera	2007-01-17 22:41:19	Re: [COMMITTERS] pgsql: Implement width_bucket() for the

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	markwkm	2007-01-18 02:35:10	Re: ideas for auto-processing patches
Previous Message	Takayuki Tsunakawa	2007-01-18 02:09:53	Re: Idea for fixing the Windows fsync problem