• Heikki Linnakangas's avatar
    Fix reference-after-free when waiting for another xact due to constraint. · 57fe2468
    Heikki Linnakangas authored
    If an insertion or update had to wait for another transaction to finish,
    because there was another insertion with conflicting key in progress,
    we would pass a just-free'd item pointer to XactLockTableWait().
    
    All calls to XactLockTableWait() and MultiXactIdWait() had similar issues.
    Some passed a pointer to a buffer in the buffer cache, after already
    releasing the lock. The call in EvalPlanQualFetch had already released the
    pin too. All but the call in execUtils.c would merely lead to reporting a
    bogus ctid, however (or an assertion failure, if enabled).
    
    All the callers that passed HeapTuple->t_data->t_ctid were slightly bogus
    anyway: if the tuple was updated (again) in the same transaction, its ctid
    field would point to the next tuple in the chain, not the tuple itself.
    
    Backpatch to 9.4, where the 'ctid' argument to XactLockTableWait was added
    (in commit f88d4cfc)
    57fe2468
execMain.c 78 KB