In testing some new code I'm working on that uses shm_mq to do Cool
Stuff (TM), I discovered that my code was mysteriously failing
assertions when I hit ^C in the middle of the test.  This led me on a
lengthy, mostly-misguided hunt for the culprit.  I eventually
discovered that the problem wasn't in my new code at all, but was
rather an oversight in the shm_mq stuff I previously committed.  So, I
intend to commit and back-patch the attached fix shortly.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
commit 42900c00c831607ec435228e346ccbb8617be521
Author: Robert Haas <rh...@postgresql.org>
Date:   Wed Jul 23 16:29:40 2014 -0400

    Prevent shm_mq_send from reading uninitialized memory.
    
    shm_mq_send_bytes didn't invariably initialize *bytes_written before
    returning, which would cause shm_mq_send to read from uninitialized
    memory and add the value it found there to mqh->mqh_partial_bytes.
    This could cause the next attempt to send a message via the queue to
    fail an assertion (if the queue was detached) or copy data from a
    garbage pointer value into the queue (if non-blocking mode was in use).

diff --git a/src/backend/storage/ipc/shm_mq.c b/src/backend/storage/ipc/shm_mq.c
index 6f9c3a3..d96627a 100644
--- a/src/backend/storage/ipc/shm_mq.c
+++ b/src/backend/storage/ipc/shm_mq.c
@@ -676,7 +676,10 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
 
 		/* Bail out if the queue has been detached. */
 		if (detached)
+		{
+			*bytes_written = sent;
 			return SHM_MQ_DETACHED;
+		}
 
 		if (available == 0)
 		{
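Review bot: the out-parameter contract is still unwritten at the `if (detached)` return. Nothing in the visible lines states that every exit from shm_mq_send_bytes must store `sent` into `*bytes_written`, which is exactly the rule this bug broke. Consider stating it in the function's header comment so that a later early return does not reintroduce the uninitialized read described in the commit message.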
@@ -691,12 +694,16 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
 				if (nowait)
 				{
 					if (shm_mq_get_receiver(mq) == NULL)
+					{
+						*bytes_written = sent;
 						return SHM_MQ_WOULD_BLOCK;
+					}
 				}
 				else if (!shm_mq_wait_internal(mq, &mq->mq_receiver,
 											   mqh->mqh_handle))
 				{
 					mq->mq_detached = true;
+					*bytes_written = sent;
 					return SHM_MQ_DETACHED;
 				}
 				mqh->mqh_counterparty_attached = true;
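Review bot: the `*bytes_written = sent;` store is hand-copied before each early return in this block (the `shm_mq_get_receiver(mq) == NULL` case and the failed `shm_mq_wait_internal` case), so the next return added here can miss it the same way. A single exit path that stores `sent` once would remove that risk. Since the commit message says shm_mq_send adds the returned value to `mqh->mqh_partial_bytes`, initializing the caller's local to 0 before the call would also make any missed path deterministic instead of reading garbage.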