| From: | Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Invalid memory access in pg_stat_get_subscription |
| Date: | 2022-06-08 12:58:26 |
| Message-ID: | CAGz5QCLvqUsQKxyP8TkP_ku4by0uiFczcyivdRVre-Y=-NhjnQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello Tom,
On Wed, Jun 8, 2022 at 12:44 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com> writes:
> > While exploring some code in logical replication worker
> > implementation, I noticed that we're accessing an invalid memory while
> > traversing LogicalRepCtx->workers[i].
> > For the above structure, we're allocating
> > max_logical_replication_workers times LogicalRepWorker amount of
> > memory in ApplyLauncherShmemSize. But, in the for loop, we're
> > accessing the max_logical_replication_workers + 1 location which is
> > resulting in random crashes.
>
> I concur that that's a bug, but eyeing the code, it seems like an
> actual crash would be improbable. Have you seen one? Can you
> reproduce it?
Thank you for looking into it. Unfortunately, I'm not able to
reproduce the crash, but I've seen one crash while executing the
function. The crash occurred at the following line:
> if (!worker.proc || !IsBackendPid(worker.proc->pid))
(gdb) p worker.proc
$6 = (PGPROC *) 0x2bf0b9
The PGPROC structure was pointing to an invalid memory location.
--
Thanks & Regards,
Kuntal Ghosh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2022-06-08 13:17:50 | Re: => operator for named parameters in open cursor |
| Previous Message | Bruce Momjian | 2022-06-08 12:45:59 | Checking for missing heap/index files |