(cloudberry) branch main updated: Fix double free issue in alterResgroupCallback during io_limit cleanup

Fri, 22 Aug 2025 03:57:34 -0700 

This is an automated email from the ASF dual-hosted git repository.

maxyang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git


The following commit(s) were added to refs/heads/main by this push:
     new 65cd966d5a1 Fix double free issue in alterResgroupCallback during 
io_limit cleanup
65cd966d5a1 is described below

commit 65cd966d5a144dfe861d5107ac2db0be0ad18798
Author: zhangyue <[email protected]>
AuthorDate: Thu Aug 21 13:19:53 2025 +0800

    Fix double free issue in alterResgroupCallback during io_limit cleanup
    
    We need to handle two scenarios:
    1. When caps.io_limit differs from oldCaps.io_limit — this corresponds to
       the RESGROUP_LIMIT_TYPE_IO_LIMIT case.
    2. When caps.io_limit is equal to oldCaps.io_limit — this applies to
       all other cases.
    
    The original code causes a double free issue in the second scenario ("other 
cases").
---
 src/backend/commands/resgroupcmds.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/backend/commands/resgroupcmds.c 
b/src/backend/commands/resgroupcmds.c
index 5c319e85b11..f6ee4fefc34 100644
--- a/src/backend/commands/resgroupcmds.c
+++ b/src/backend/commands/resgroupcmds.c
@@ -1093,10 +1093,23 @@ alterResgroupCallback(XactEvent event, void *arg)
        if (event == XACT_EVENT_COMMIT)
                ResGroupAlterOnCommit(callbackCtx);
 
+       /*
+        * Free io_limit resources allocated in AlterResourceGroup().
+        *
+        * We need to handle two cases:
+        * 1. caps.io_limit != oldCaps.io_limit: case 
RESGROUP_LIMIT_TYPE_IO_LIMIT
+        * 2. caps.io_limit == oldCaps.io_limit: other cases
+        *
+        * The pointer comparison (oldCaps.io_limit != caps.io_limit) is 
crucial to
+        * avoid double free errors. When "other cases", both pointers might
+        * reference the same memory location, so we only free oldCaps.io_limit 
if
+        * it's different from caps.io_limit.
+        */
        if (callbackCtx->caps.io_limit != NIL)
                cgroupOpsRoutine->freeio(callbackCtx->caps.io_limit);
 
-       if (callbackCtx->caps.io_limit != NIL)
+       if (callbackCtx->oldCaps.io_limit != NIL &&
+               callbackCtx->oldCaps.io_limit != callbackCtx->caps.io_limit)
                cgroupOpsRoutine->freeio(callbackCtx->oldCaps.io_limit);
 
        pfree(callbackCtx);


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to