View Revisions: Issue #614

Summary 0000614: Invalid memory reference in sync_backend_from_watchdog()
Revision 2020-05-26 16:17 by t-ishii
Description: This refers to the following code in the sync_backend_from_watchdog() function, in src/main/pgpool_main.c:

        if (backendStatus->primary_node_id == -1 && BACKEND_INFO(Req_info->primary_node_id).backend_status != CON_DOWN)
        {
            ereport(LOG,
                (errmsg("primary node:%d on master watchdog node \"%s\" seems to be quarantined",
                    Req_info->primary_node_id, backendStatus->nodeName),
                errdetail("keeping the current primary")));
        }
        else
        {
            Req_info->primary_node_id = backendStatus->primary_node_id;
            primary_changed = true;
        }


During a run of regression test 004.watchdog, sync_backend_from_watchdog() referenced BACKEND_INFO using a primary node id of -2, which caused memory to be referenced outside of the BACKEND_INFO.
On RHEL7 for IBM Z, this always caused a crash (coredump).

The problem was introduced by the following commit:
https://github.com/pgpool/pgpool2/commit/3922c12c1f8efbc1b5f2e7def1e0ff921aafb989
 
I've attached a patch for review.

Revision 2020-05-26 16:07 by gregn123
Description: This refers to the following code in the sync_backend_from_watchdog() function, in src/main/pgpool_main.c:

        if (backendStatus->primary_node_id == -1 && BACKEND_INFO(Req_info->primary_node_id).backend_status != CON_DOWN)
        {
            ereport(LOG,
                (errmsg("primary node:%d on master watchdog node \"%s\" seems to be quarantined",
                    Req_info->primary_node_id, backendStatus->nodeName),
                errdetail("keeping the current primary")));
        }
        else
        {
            Req_info->primary_node_id = backendStatus->primary_node_id;
            primary_changed = true;
        }


During a run of regression test 004.watchdog, sync_backend_from_watchdog() referenced BACKEND_INFO using a primary node id of -2, which caused memory to be referenced outside of the BACKEND_INFO.
On RHEL7 for IBM Z, this always caused a crash (coredump).

The problem was introduced by the following commit:
https://github.com/pgpool/pgpool2/commit/3922c12c1f8efbc1b5f2e7def1e0ff921aafb989
 
I've attached a patch for review.
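
One way to guard the array access described in this issue, as an added example (not pgpool-II's code and not the patch attached to the issue). The backend table, its size NUM_BACKENDS, the two-value status enum, and the helpers valid_node_id() and sync_primary() are simplified stand-ins constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for illustration; not pgpool-II's real definitions. */
#define NUM_BACKENDS 4                       /* hypothetical table size */
typedef enum { CON_UP, CON_DOWN } backend_status_t;
typedef struct { backend_status_t backend_status; } backend_info_t;

static backend_info_t backend_table[NUM_BACKENDS];
#define BACKEND_INFO(id) (backend_table[(id)])

/* True only when id can safely index the backend table. */
static bool valid_node_id(int id)
{
    return id >= 0 && id < NUM_BACKENDS;
}

/*
 * Model of the primary-node decision quoted in the issue.
 * local_primary:  the id currently held locally (may be a negative sentinel).
 * remote_primary: the id reported by the master watchdog node (-1 = none).
 * Returns the id to use locally and sets *changed when it was replaced.
 */
static int sync_primary(int local_primary, int remote_primary, bool *changed)
{
    /* The range check sits before the table lookup, so && short-circuits
     * and BACKEND_INFO() is never evaluated with an id such as -2. */
    if (remote_primary == -1 &&
        valid_node_id(local_primary) &&
        BACKEND_INFO(local_primary).backend_status != CON_DOWN)
    {
        *changed = false;
        return local_primary;            /* keeping the current primary */
    }
    *changed = true;
    return remote_primary;
}

int main(void)
{
    bool changed;
    backend_table[1].backend_status = CON_UP;
    printf("local=1  -> %d\n", sync_primary(1, -1, &changed));
    printf("local=-2 -> %d\n", sync_primary(-2, -1, &changed));
    return 0;
}
```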