From 4b82ed6eca41220e50d4712ab929c20030b30d35 Mon Sep 17 00:00:00 2001 From: Amit Kapila Date: Tue, 23 Mar 2021 09:43:33 +0530 Subject: [PATCH] Fix dangling pointer reference in stream_cleanup_files. We can't access the entry after it is removed from dynahash. Author: Peter Smith Discussion: https://postgr.es/m/CAHut+Ps-pL++f6CJwPx2+vUqXuew=Xt-9Bi-6kCyxn+Fwi2M7w@mail.gmail.com --- src/backend/replication/logical/worker.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/backend/replication/logical/worker.c b/src/backend/replication/logical/worker.c index 21d304a64c3..354fbe4b4bc 100644 --- a/src/backend/replication/logical/worker.c +++ b/src/backend/replication/logical/worker.c @@ -2740,14 +2740,14 @@ stream_cleanup_files(Oid subid, TransactionId xid) { char path[MAXPGPATH]; StreamXidHash *ent; + bool found = false; - /* Remove the xid entry from the stream xid hash */ + /* By this time we must have created the transaction entry */ ent = (StreamXidHash *) hash_search(xidhash, (void *) &xid, - HASH_REMOVE, - NULL); - /* By this time we must have created the transaction entry */ - Assert(ent != NULL); + HASH_FIND, + &found); + Assert(found); /* Delete the change file and release the stream fileset memory */ changes_filename(path, subid, xid); @@ -2763,6 +2763,9 @@ stream_cleanup_files(Oid subid, TransactionId xid) pfree(ent->subxact_fileset); ent->subxact_fileset = NULL; } + + /* Remove the xid entry from the stream xid hash */ + hash_search(xidhash, (void *) &xid, HASH_REMOVE, NULL); } /* -- 2.39.5