From 16d07f70c2db5837a708b81d68d29eb94168da24 Mon Sep 17 00:00:00 2001
From: Tatsuo Ishii
Date: Fri, 9 Apr 2021 19:32:56 +0900
Subject: [PATCH] Fix pgpool crash when query cache enabled. Pgpool-II crashed upon receiving CloseComplete. This only happened in other than streaming and logical replication mode. The minimum test case is as follows: 'P' "S1" "SELECT 1" 0 'B' "P1" "S1" 0 0 0 'E' "P1" 0 'C' 'P' "P1" 'B' "P2" "S1" 0 0 0 'E' "P2" 0 'C' 'P' "P2" 'S' 'Y' 'X' A query statement S1 is bound to portal P1 and P1 is closed. When CommandComplete message arrives, CloseComplete() discard temp query cache buffer corresponding to the query context. Unfortunately it forgot to set NULL to query_context->temp_cache. So whnen next time other portal P2 which was also bound to S1 is closed, CloseComplete() tries to free memory which was already freed by previous CloseComplete. This leads to a segfault. Fix is set NULL to query_context->temp_cache when the CloseComplete() is called. The reason why in streaming and logical replication this does occur is, unlike other mode, in these mode query_context->temp_cache is already freed and set to NULL when CommandComplete arrives. Also new regression test 074.bug700_memqcache_bug_segfault_at_close_complete is added. Per bug 700.
---
src/protocol/pool_proto_modules.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/protocol/pool_proto_modules.c b/src/protocol/pool_proto_modules.c
index 68f937738..78b8f8350 100644
--- a/src/protocol/pool_proto_modules.c
+++ b/src/protocol/pool_proto_modules.c
@@ -2349,7 +2349,19 @@ CloseComplete(POOL_CONNECTION * frontend, POOL_CONNECTION_POOL * backend)
 kind, name)));
 if (pool_config->memory_cache_enabled)
 {
- pool_discard_temp_query_cache(pool_get_current_cache());
+ POOL_QUERY_CONTEXT *query_context;
+ POOL_TEMP_QUERY_CACHE *temp_cache;
+
+ query_context = session_context->query_context;
+ if (query_context)
+ {
+ temp_cache = query_context->temp_cache;
+ if (temp_cache)
+ {
+ pool_discard_temp_query_cache(temp_cache);
+ query_context->temp_cache = NULL;
+ }
+ }
 }
 }
--
2.39.5
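Review bot: The freed pointer is cleared only at this one call site in CloseComplete(), so any other caller that hands `query_context->temp_cache` to `pool_discard_temp_query_cache()` would still leave a dangling pointer behind. The commit message shows the double free is reachable from an ordinary frontend message sequence, so it is worth auditing those callers or moving the discard-and-clear pair into a single helper. The added block also reads `session_context->query_context` with no NULL check on `session_context` in the visible lines; the function body starts outside the hunk, so confirm it is validated earlier. A short comment on the assignment would preserve the reason, e.g. `/* portals bound to the same statement appear to share this context; clear it so a later Close cannot free it twice */`.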