| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: pg_surgery: Fix off-by-one bug with heap offset |
| Date: | 2026-06-05 23:17:27 |
| Message-ID: | E1wVdn5-001G41-0V@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
pg_surgery: Fix off-by-one bug with heap offset
heap_force_common() declared a boolean array indexed with an
OffsetNumber for a size of MaxHeapTuplesPerPage. OffsetNumbers are
1-based, so an input TID whose offset number equals MaxHeapTuplesPerPage
wrote one byte past the end of the stack array, crashing the server.
Like heapam_handler.c, this commit changes the array so as it uses a
0-based index, substracting one from the OffsetNumbers.
Reported-by: Wang Yuelin <violin0613(at)tju(dot)edu(dot)cn>
Reviewed-by: Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com>
Discussion: https://postgr.es/m/20260604002256.40f1fd544@smtp.qiye.163.com
Backpatch-through: 14
Branch
------
REL_15_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/51f63ba2bf7f4a619f9e4251450ee462ba8505dc
Modified Files
--------------
contrib/pg_surgery/heap_surgery.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2026-06-05 23:53:35 | pgsql: Lift shutdown assertion in pgstats for WAL senders |
| Previous Message | Daniel Gustafsson | 2026-06-05 22:22:05 | pgsql: doc: Clarify OAuth validator authn_id logging |