Fix race condition in statext_store().

Must hold some lock on the pg_statistic_ext_data catalog *before*
we look up the tuple we aim to replace.  Otherwise a concurrent
VACUUM FULL or similar operation could move it to a different TID,
leaving us trying to replace the wrong tuple.

Back-patch to v12 where this got broken.

Credit goes to Dean Rasheed; I'm just doing the clerical work.

Discussion: https://postgr.es/m/CAEZATCU0zHMDiQV0g8P2U+YSP9C1idUPrn79DajsbonwkN0xvQ@mail.gmail.com

diff --git a/src/backend/statistics/extended_stats.c b/src/backend/statistics/extended_stats.c
index 318fdb8f6dc7290e2e20e16087a7827c8f024bf6..d1f818d49a8c0c9717b092b62848abd04ca9054a 100644 (file)
--- a/src/backend/statistics/extended_stats.c
+++ b/src/backend/statistics/extended_stats.c
@@ -493,12 +493,14 @@ statext_store(Oid statOid,
                          MVNDistinct *ndistinct, MVDependencies *dependencies,
                          MCVList *mcv, VacAttrStats **stats)
 {
+       Relation        pg_stextdata;
        HeapTuple       stup,
                                oldtup;
        Datum           values[Natts_pg_statistic_ext_data];
        bool            nulls[Natts_pg_statistic_ext_data];
        bool            replaces[Natts_pg_statistic_ext_data];
-       Relation        pg_stextdata;
+
+       pg_stextdata = table_open(StatisticExtDataRelationId, RowExclusiveLock);
 
        memset(nulls, true, sizeof(nulls));
        memset(replaces, false, sizeof(replaces));
@@ -542,8 +544,6 @@ statext_store(Oid statOid,
                elog(ERROR, "cache lookup failed for statistics object %u", statOid);
 
        /* replace it */
-       pg_stextdata = table_open(StatisticExtDataRelationId, RowExclusiveLock);
-
        stup = heap_modify_tuple(oldtup,
                                                         RelationGetDescr(pg_stextdata),
                                                         values,