Fix uninitialized access to InitialRunningXacts during decoding.

In commit 272248a0c, we introduced an InitialRunningXacts array to
remember transactions and subtransactions that were running when the
xl_running_xacts record that we decoded was written. This array was
allocated in the snapshot builder memory context after we restore
serialized snapshot but we forgot to reset the array while freeing the
builder memory context. So, the next time when we start decoding in the
same session where we don't restore any serialized snapshot, we ended up
using the uninitialized array and that can lead to unpredictable behavior.

This problem doesn't exist in HEAD as instead of using
InitialRunningXacts, we added the list of transaction IDs and
sub-transaction IDs, that have modified catalogs and are running during
snapshot serialization, to the serialized snapshot (see commit 7f13ac8123).

Reported-by: Maxim Orlov
Author: Masahiko Sawada
Reviewed-by: Amit Kapila, Maxim Orlov
Backpatch-through: 11
Discussion: https://postgr.es/m/CACG=ezZoz_KG+Ryh9MrU_g5e0HiVoHocEvqFF=NRrhrwKmEQJQ@mail.gmail.com

diff --git a/src/backend/replication/logical/snapbuild.c b/src/backend/replication/logical/snapbuild.c
index cdf4aa01e924d22dcdc226714df17e212c626f35..4c951678c0a8a28a7632ec474df5cb7214dfb731 100644 (file)
--- a/src/backend/replication/logical/snapbuild.c
+++ b/src/backend/replication/logical/snapbuild.c
@@ -343,6 +343,9 @@ AllocateSnapshotBuilder(ReorderBuffer *reorder,
 
        MemoryContextSwitchTo(oldcontext);
 
+       /* The initial running transactions array must be empty. */
+       Assert(NInitialRunningXacts == 0 && InitialRunningXacts == NULL);
+
        return builder;
 }
 
@@ -363,6 +366,10 @@ FreeSnapshotBuilder(SnapBuild *builder)
 
        /* other resources are deallocated via memory context reset */
        MemoryContextDelete(context);
+
+       /* InitialRunningXacts is freed along with the context */
+       NInitialRunningXacts = 0;
+       InitialRunningXacts = NULL;
 }
 
 /*