This is an automated email from the ASF dual-hosted git repository. yjhjstz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cloudberry.git
commit f2764ef4c662ccbd7527f86a4b435fe41dcb25b1 Author: Adam Lee <[email protected]> AuthorDate: Thu Nov 17 11:43:53 2022 +0800 ao/co: don't dereference dangling pointers (#14468) hash_search(,,HASH_REMOVE,) returns a dangling pointer that shouldn't be dereferenced. --- src/backend/access/aocs/aocsam_handler.c | 16 ++++++++++++---- src/backend/access/appendonly/appendonlyam_handler.c | 17 +++++++++++++---- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/src/backend/access/aocs/aocsam_handler.c b/src/backend/access/aocs/aocsam_handler.c index 7dbdb37756..78d0248a48 100644 --- a/src/backend/access/aocs/aocsam_handler.c +++ b/src/backend/access/aocs/aocsam_handler.c @@ -242,7 +242,7 @@ find_dml_state(const Oid relationOid) * * Should be called exactly once per relation. */ -static inline AOCODMLState * +static inline void remove_dml_state(const Oid relationOid) { AOCODMLState *state; @@ -254,13 +254,13 @@ remove_dml_state(const Oid relationOid) NULL); if (!state) - return NULL; + return; if (aocoDMLStates.last_used_state && aocoDMLStates.last_used_state->relationOid == relationOid) aocoDMLStates.last_used_state = NULL; - return state; + return; } /* @@ -285,7 +285,14 @@ aoco_dml_finish(Relation relation, CmdType operation) AOCODMLState *state; bool had_delete_desc = false; - state = remove_dml_state(RelationGetRelid(relation)); + Oid relationOid = RelationGetRelid(relation); + + Assert(aocoDMLStates.state_table); + + state = (AOCODMLState *) hash_search(aocoDMLStates.state_table, + &relationOid, + HASH_FIND, + NULL); if (!state) return; @@ -354,6 +361,7 @@ aoco_dml_finish(Relation relation, CmdType operation) state->uniqueCheckDesc = NULL; } + remove_dml_state(relationOid); } /* diff --git a/src/backend/access/appendonly/appendonlyam_handler.c b/src/backend/access/appendonly/appendonlyam_handler.c index 6f4941447c..2c5cda5266 100644 --- a/src/backend/access/appendonly/appendonlyam_handler.c +++ b/src/backend/access/appendonly/appendonlyam_handler.c 
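Review bot: In remove_dml_state() in aocsam_handler.c (hunk at -254,13) the result of the removing hash_search call is still stored in `state`, and nothing tells the next reader that this pointer may only be compared with NULL. I would add a comment above the `if (!state)` test, `/* HASH_REMOVE hands back the address of the entry it just removed: test it against NULL only, never dereference it */`, so the use-after-free this commit removes is not reintroduced later. The closing `return;` at the end of the now-void function is redundant and can be dropped. The same applies to remove_dml_state() in appendonlyam_handler.c (hunk at -212,13); in both files the start of the hash_search call lies outside the hunk, so HASH_REMOVE is taken from the commit message.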
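Review bot: The open-coded `hash_search(..., HASH_FIND, NULL)` added to aoco_dml_finish() (hunk at -285,7) sits next to a find_dml_state() helper, named in the first hunk header, and the reason the helper is not used is not stated. If it cannot be used here (for example because it assumes the entry exists, which I cannot confirm since its body is outside the diff), a one-line comment such as `/* look up directly: the entry may be absent here, see the NULL check below */` would stop someone from "simplifying" the lookup later. Note also that `Assert(aocoDMLStates.state_table)` is compiled out in non-assert builds, so it documents the precondition rather than enforcing it. appendonly_dml_finish() (hunk at -243,7) gets the same lookup and the same remark.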
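Review bot: With `remove_dml_state(relationOid)` now the last statement of aoco_dml_finish() (hunk at -354,6), an error raised by any teardown step between the lookup and this call leaves the entry in state_table with some descriptors already released, whereas before the entry was gone before teardown began. Whether that is harmless depends on how the table is reset on abort and on every freed field being set back to NULL, as the visible `state->uniqueCheckDesc = NULL;` is; the rest of the function body is outside the hunks, so this is worth confirming. A comment before the call, `/* must stay last: the entry is freed by this call, so state must not be used afterwards */`, would record the ordering requirement. The same ordering is introduced in appendonly_dml_finish() (hunk at -311,6).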
@@ -200,7 +200,7 @@ find_dml_state(const Oid relationOid) * * Should be called exactly once per relation. */ -static inline AppendOnlyDMLState * +static inline void remove_dml_state(const Oid relationOid) { AppendOnlyDMLState *state; @@ -212,13 +212,13 @@ remove_dml_state(const Oid relationOid) NULL); if (!state) - return NULL; + return; if (appendOnlyDMLStates.last_used_state && appendOnlyDMLStates.last_used_state->relationOid == relationOid) appendOnlyDMLStates.last_used_state = NULL; - return state; + return; } /* @@ -243,7 +243,14 @@ appendonly_dml_finish(Relation relation, CmdType operation) AppendOnlyDMLState *state; bool had_delete_desc = false; - state = remove_dml_state(RelationGetRelid(relation)); + Oid relationOid = RelationGetRelid(relation); + + Assert(appendOnlyDMLStates.state_table); + + state = (AppendOnlyDMLState *)hash_search(appendOnlyDMLStates.state_table, + &relationOid, + HASH_FIND, + NULL); if (!state) return; @@ -311,6 +318,8 @@ appendonly_dml_finish(Relation relation, CmdType operation) pfree(state->uniqueCheckDesc); state->uniqueCheckDesc = NULL; } + + remove_dml_state(relationOid); } /* --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
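Review bot: The cast in appendonly_dml_finish() (hunk at -243,7) is written `(AppendOnlyDMLState *)hash_search(` with no space after the closing parenthesis, while the matching line added to aocsam_handler.c in this same commit uses `(AOCODMLState *) hash_search(`. Using the spaced form in both keeps the two handlers textually parallel, which makes a later fix to one easier to carry over to the other. Likewise, only this file puts a blank line before `remove_dml_state(relationOid);` in the hunk at -311,6.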
