Commit 97651b0

Fix incorrect sentinel byte logic in GenerationRealloc()

This only affects MEMORY_CONTEXT_CHECKING builds.

This fixes an off-by-one issue in GenerationRealloc() where the fast-path code which tries to reuse the existing allocation if the existing chunk is >= the new requested size. The code there thought it was always ok to use the existing chunk, but when oldsize == size there isn't enough space to store the sentinel byte. If both sizes matched exactly set_sentinel() would overwrite the first byte beyond the chunk and then subsequent GenerationRealloc() calls could then fail the Assert(chunk->requested_size < oldsize) check which is trying to ensure the chunk is large enough to store the sentinel.

The same issue does not exist in aset.c as the sentinel checking code only adds a sentinel byte if there's enough space in the chunk.

Reported-by: Alexander Lakhin <exclusion@gmail.com>
Discussion: https://postgr.es/m/49275921-7b39-41af-5eb8-97b50ce3312e@gmail.com
Backpatch-through: 16, where the problem was introduced by 0e48038

1 parent 2a5ef09 commit 97651b0

1 file changed, +7 -2 lines changed

‎src/backend/utils/mmgr/generation.c

@@ -846,16 +846,21 @@ GenerationRealloc(void *pointer, Size size, int flags)
846846
#endif
847847

848848
/*
849-
* Maybe the allocated area already is >= the new size. (In particular,
850-
* we always fall out here if the requested size is a decrease.)
849+
* Maybe the allocated area already big enough. (In particular, we always
850+
* fall out here if the requested size is a decrease.)
851851
*
852852
* This memory context does not use power-of-2 chunk sizing and instead
853853
* carves the chunks to be as small as possible, so most repalloc() calls
854854
* will end up in the palloc/memcpy/pfree branch.
855855
*
856856
* XXX Perhaps we should annotate this condition with unlikely()?
857857
*/
858+
#ifdef MEMORY_CONTEXT_CHECKING
859+
/* With MEMORY_CONTEXT_CHECKING, we need an extra byte for the sentinel */
860+
if (oldsize > size)
861+
#else
858862
if (oldsize >= size)
863+
#endif
859864
{
860865
#ifdef MEMORY_CONTEXT_CHECKING
861866
Size oldrequest = chunk->requested_size;
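
Review bot: the rewritten block comment at new line 849 reads "Maybe the allocated area already big enough", which has lost its verb; suggest "is already big enough". On the new guard at lines 858-863, the one-line comment says an extra byte is needed but not what goes wrong when oldsize == size. It would help to state there that equality leaves no room for the sentinel after the requested size, and that checking builds therefore take the palloc/memcpy/pfree branch in that case while non-checking builds still reuse the chunk. Since the condition is now split across #ifdef/#else ahead of a shared brace, that note also makes it harder for a later cleanup to collapse the two branches back into a single >= test.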
