| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix MarkBufferDirtyHint() to not call GetBufferDescriptor() for |
| Date: | 2026-06-10 04:53:39 |
| Message-ID: | E1wXAwd-001pRz-0F@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix MarkBufferDirtyHint() to not call GetBufferDescriptor() for local buffers
GetBufferDescriptor() was called before checking if the buffer is local.
Such buffers have a negative ID, meaning that we could call
GetBufferDescriptor() with a wrapped-around uint32 value causing a
potential out-of-bound access to the BufferDescriptors array.
This is harmless in the existing code for the current uses of
MarkBufferDirtyHint(), but the author has found a way to make that
buggy while working on a different patch set, and the order of the
operations is wrong.
Oversight in 82467f627bd4. No backpatch is required, as this is new to
v19.
Author: Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com>
Discussion: https://postgr.es/m/CAExHW5uzRMYVZsXXS3HXXT0fG_sNrpUhUqwP4NorhaCqH9JDhA@mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e18b0cb7344cb4bd28468f6c0aeeb9b9241d30aa
Modified Files
--------------
src/backend/storage/buffer/bufmgr.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2026-06-10 21:01:50 | pgsql: Undo thinko in commit e78d1d6d4. |
| Previous Message | Fujii Masao | 2026-06-10 03:33:35 | pgsql: pg_buffercache: restore rowtype verification in pg_buffercache_p |