Re: BUG #15540: Use after release in ExecuteTruncateGuts
From | PanBian |
---|---|
Subject | Re: BUG #15540: Use after release in ExecuteTruncateGuts |
Date | |
Msg-id | 20181209005617.GA65607@bp |
In response to | Re: BUG #15540: Use after release in ExecuteTruncateGuts (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: BUG #15540: Use after release in ExecuteTruncateGuts |
List | pgsql-bugs |
On Fri, Dec 07, 2018 at 11:09:05AM -0500, Tom Lane wrote:
> PG Bug reporting form <noreply@postgresql.org> writes:
> > The function ExecuteTruncateGuts drops the reference to rel via
> > relation_close when toast_relid is valid. However, after that, rel is passed
> > to pgstat_count_truncate. This may result in a use-after-release bug.
>
> ... and, even more to the point, the truncation stats count is incorrectly
> applied to the toast table not its parent.
>
> > Maybe,
> > rel should be re-declared on the branch that toast_relid is valid.
>
> Yeah, seems like the right way. Will fix.
>
> Are you using a static analyzer to find these? I'm curious how
> you noticed them.

Yes. I write a static analysis tool. It can find functions that release
memory or other resources. Let's call them free-like functions. With such
free-like functions, the tool then performs data flow analysis to find
use-after-free bugs. Of course, we can feed those free-like functions to
other static analyzers such as Coverity. I believe it will work too.

Best regards,
Pan Bian

>
> regards, tom lane
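
A minimal sketch of the approach described in the message above (a set of free-like functions feeding a data-flow pass), added here as an illustration; it is not Pan Bian's tool and not PostgreSQL source. The mini-IR, the `analyze` function and the variable name `toastrel` are assumptions, and the two programs are constructed models of the reported pattern and of the suggested re-declaration on the branch.

```python
# Toy "may be released" forward data-flow check over a tiny structured IR.
# Everything here is a constructed model, not code from PostgreSQL or from
# the analyzer mentioned in the thread.

FREE_LIKE = {"relation_close"}  # functions assumed to release their argument

# Statement forms (hypothetical mini-IR):
#   ("assign", var)                 var receives a fresh, live resource
#   ("call", func, var)             func(var)
#   ("if", then_stmts, else_stmts)  two-way branch that rejoins afterwards

def analyze(stmts, released=frozenset(), findings=None):
    """Return (vars that may be released afterwards, list of (func, var) findings)."""
    findings = [] if findings is None else findings
    released = set(released)
    for st in stmts:
        if st[0] == "assign":
            released.discard(st[1])          # new value, no longer released
        elif st[0] == "call":
            _, func, var = st
            if var in released:              # use (or second release) after release
                findings.append((func, var))
            if func in FREE_LIKE:
                released.add(var)
        elif st[0] == "if":
            then_out, _ = analyze(st[1], released, findings)
            else_out, _ = analyze(st[2], released, findings)
            released = then_out | else_out   # released on any path counts at the join
    return released, findings

# Constructed model of the report: rel is released only on the branch where
# toast_relid is valid, then used unconditionally after the branch.
BUGGY = [
    ("assign", "rel"),
    ("if", [("call", "relation_close", "rel")], []),
    ("call", "pgstat_count_truncate", "rel"),
]

# Constructed model of the suggestion: the branch works on its own variable
# (hypothetical name toastrel), so rel is still live at the stats call.
FIXED = [
    ("assign", "rel"),
    ("if", [("assign", "toastrel"),
            ("call", "relation_close", "toastrel")], []),
    ("call", "pgstat_count_truncate", "rel"),
]

if __name__ == "__main__":
    print("buggy:", analyze(BUGGY)[1])
    print("fixed:", analyze(FIXED)[1])
```

The union at the join is what catches this case: the release happens on only one path, so a check that requires the variable to be released on every path would miss it.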