Fix memory corruption/crash in ANALYZE. This fixes an embarrassing oversight I (Andres) made in 737a292b, namely missing two place where liverows/deadrows were used when converting those variables to pointers, leading to incrementing the pointer, rather than the value.
It's not that actually that easy to trigger a crash: One needs tuples deleted by the current transaction, followed by a tuple deleted in another session, all in one page. Which is presumably why this hasn't been noticed before. Reported-By: Steve Singer Author: Steve Singer Discussion: https://postgr.es/m/[email protected] Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/23224563d97913aa824d04c498d59ad4d85fda38 Modified Files -------------- src/backend/access/heap/heapam_handler.c | 4 ++-- src/test/regress/expected/vacuum.out | 12 ++++++++++++ src/test/regress/sql/vacuum.sql | 13 +++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-)
