pgsql: Fix unsafe order of operations in ResourceOwnerReleaseAll().

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Fix unsafe order of operations in ResourceOwnerReleaseAll().
Date: 2026-06-22 22:03:33
Message-ID: E1wbmjt-001SGN-0d@gemulon.postgresql.org
Lists: pgsql-committers

Fix unsafe order of operations in ResourceOwnerReleaseAll().

This function called the resource-kind-specific ReleaseResource()
method for each item before deleting that item from the resowner.
That's backwards from the ordering in ResourceOwnerReleaseAllOfKind,
and it's not very safe. If ReleaseResource throws an error then the
subsequent abort cleanup will come back here and try to release that
item again, possibly leading to a double-free or similar crash,
and in any case risking an infinite error cleanup loop. This mistake
explains why the pgcrypto bug just fixed in 80bb0ebcc led to a crash
rather than something more benign.

Remove the item from the resowner, then call ReleaseResource,
matching the way things were done before b8bff07da. If there
is a problem of this sort, we'd prefer to leak the item than
suffer the other likely consequences.

Per further analysis of bug #19527.

Author: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Discussion: https://postgr.es/m/646741.1782157515@sss.pgh.pa.us
Backpatch-through: 17

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/ef01ca6dbca54e9bf3abea01c357b346847ebcf3

Modified Files
--------------
src/backend/utils/resowner/resowner.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
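
The ordering hazard described in the commit message, as an added example that is not part of the original message or of PostgreSQL's code: a toy resource owner in which `setjmp`/`longjmp` stand in for error recovery, and abort cleanup re-enters the release loop. All names here (`Item`, `Owner`, `release_item`, `release_all`, `releases_of_failing_item`) are hypothetical, and the three items are constructed sample data.

```c
#include <setjmp.h>
#include <stdio.h>
#define NITEMS 3

/* Toy model only, not PostgreSQL's ResourceOwner structures. */
typedef struct { int release_calls; int throws; } Item;
typedef struct { Item *items[NITEMS]; int nitems; } Owner;
static jmp_buf error_ctx;   /* stands in for the error-recovery jump */

/* Kind-specific release: "frees" the item, then may raise an error. */
static void release_item(Item *it)
{
    it->release_calls++;        /* a count above 1 models a double free */
    if (it->throws) {
        it->throws = 0;         /* fail on the first attempt only */
        longjmp(error_ctx, 1);
    }
}

/* Release every remaining item; forget_first selects the ordering. */
static void release_all(Owner *o, int forget_first)
{
    while (o->nitems > 0) {
        Item *it = o->items[o->nitems - 1];
        if (forget_first) o->nitems--;    /* forget first, then release */
        release_item(it);                 /* may jump out with an error */
        if (!forget_first) o->nitems--;   /* release first, forget afterwards */
    }
}

/* Run release_all, rerunning it as abort cleanup if an error escapes.
 * Returns how many times the failing item was released. */
static int releases_of_failing_item(int forget_first)
{
    static Item items[NITEMS];
    static Owner o;
    for (int i = 0; i < NITEMS; i++) {
        items[i] = (Item){0, i == 1};     /* constructed: middle item errors */
        o.items[i] = &items[i];
    }
    o.nitems = NITEMS;
    (void) setjmp(error_ctx);             /* an error lands here; cleanup reruns */
    release_all(&o, forget_first);
    return items[1].release_calls;
}

int main(void)
{
    printf("release-then-forget: %d\n", releases_of_failing_item(0));
    printf("forget-then-release: %d\n", releases_of_failing_item(1));
}
```

With release-then-forget the failing item is still registered when cleanup reruns, so it is released a second time; with forget-then-release it is released once and the remaining items are still cleaned up.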
