pgsql: Fix use-after-free bug with event triggers in an extension scrip

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

pgsql: Fix use-after-free bug with event triggers in an extension scrip

Álvaro Herrera
Fix use-after-free bug with event triggers in an extension script

ALTER TABLE commands in an extension script are added to an event
trigger command list; but starting with commit b5810de3f4 they do so in
a memory context that's too short-lived, so when execution ends and time
comes to use the entries, they've already been freed.

(This would also be a problem with ALTER TABLE commands in a
multi-command query string, but these serendipitously end in
PortalContext -- which probably explains why it took so long for this to
be reported.)

Fix by using the memory context specifically set for that, instead.

Backpatch to 13, where the aforementioned commit appeared.

Reported-by: Philippe Beaudoin
Author: Jehan-Guillaume de Rorthais <[hidden email]>
Discussion: https://postgr.es/m/20200902193715.6e0269d4@firost

Branch
------
REL_13_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/873cb8fca9b14bde3e1d5577fcbb7b76d303076d

Modified Files
--------------
src/backend/commands/event_trigger.c                     |  6 ++++++
src/test/modules/test_extensions/Makefile                |  6 ++++--
.../modules/test_extensions/expected/test_extensions.out |  5 +++++
src/test/modules/test_extensions/sql/test_extensions.sql |  6 ++++++
.../test_extensions/test_ext_evttrig--1.0--2.0.sql       |  7 +++++++
.../modules/test_extensions/test_ext_evttrig--1.0.sql    | 16 ++++++++++++++++
.../modules/test_extensions/test_ext_evttrig.control     |  3 +++
7 files changed, 47 insertions(+), 2 deletions(-)