8000 Fix rare sharedtuplestore.c corruption. · postgres/postgres@d95dcc9 · GitHub
[go: up one dir, main page]
Skip to content

Commit d95dcc9

Browse files
macdicemacdice
committed
Fix rare sharedtuplestore.c corruption.
If the final chunk of an oversized tuple being written out to disk was exactly 32760 bytes, it would be corrupted due to a fencepost bug. Bug #17619. Back-patch to 11 where the code arrived. While testing that (see test module in archives), I (tmunro) noticed that the per-participant page counter was not initialized to zero as it should have been; that wasn't a live bug when it was written since DSM memory was originally always zeroed, but since 14 min_dynamic_shared_memory might be configured and it supplies non-zeroed memory, so that is also fixed here. Author: Dmitry Astapov <dastapov@gmail.com> Discussion: https://postgr.es/m/17619-0de62ceda812b8b5%40postgresql.org
1 parent 2433731 commit d95dcc9

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

src/backend/utils/sort/sharedtuplestore.c

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -160,6 +160,7 @@ sts_initialize(SharedTuplestore *sts, int participants,
160160
LWLockInitialize(&sts->participants[i].lock,
161161
LWTRANCHE_SHARED_TUPLESTORE);
162162
sts->participants[i].read_page = 0;
163+
sts->participants[i].npages = 0;
163164
sts->participants[i].writing = false;
164165
}
165166

@@ -321,7 +322,7 @@ sts_puttuple(SharedTuplestoreAccessor *accessor, void *meta_data,
321322

322323
/* Do we have space? */
323324
size = accessor->sts->meta_data_size + tuple->t_len;
324-
if (accessor->write_pointer + size >= accessor->write_end)
325+
if (accessor->write_pointer + size > accessor->write_end)
325326
{
326327
if (accessor->write_chunk == NULL)
327328
{
@@ -341,7 +342,7 @@ sts_puttuple(SharedTuplestoreAccessor *accessor, void *meta_data,
341342
}
342343

343344
/* It may still not be enough in the case of a gigantic tuple. */
344-
if (accessor->write_pointer + size >= accessor->write_end)
345+
if (accessor->write_pointer + size > accessor->write_end)
345346
{
346347
size_t written;
347348

0 commit comments

Comments
 (0)
0