From 29fb598b9cad898ef851b9a7704f980218057562 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Thu, 18 Jun 2026 14:05:27 +0900 Subject: [PATCH] Make GetSnapshotData() more resilient on out-of-memory errors If the allocation of Snapshot->subxip fails, a follow-up call of GetSnapshotData() would see a partially-initialized snapshot, causing a NULL dereference on reentry when using "subxip" because only "xip" would be allocated. In the event of an out-of-memory error when allocating "subxip", "xip" is now reset before throwing an ERROR, so as Snapshots can be allocated and handled gracefully on retry. This problem is unlikely going to show up in practice, so no backpatch. Reported-by: Alexander Lakhin Author: Matthias van de Meent Discussion: https://postgr.es/m/e77acaac-a1b3-40b3-99ee-5769b4e453e4@gmail.com --- src/backend/storage/ipc/procarray.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/backend/storage/ipc/procarray.c b/src/backend/storage/ipc/procarray.c index f540bb6b23f..60336b31803 100644 --- a/src/backend/storage/ipc/procarray.c +++ b/src/backend/storage/ipc/procarray.c @@ -2158,9 +2158,17 @@ GetSnapshotData(Snapshot snapshot) snapshot->subxip = (TransactionId *) malloc(GetMaxSnapshotSubxidCount() * sizeof(TransactionId)); if (snapshot->subxip == NULL) + { + /* + * Clean up the Snapshot state before throwing the error, so that + * a retry does not see a partially-initialized snapshot. + */ + free(snapshot->xip); + snapshot->xip = NULL; ereport(ERROR, (errcode(ERRCODE_OUT_OF_MEMORY), errmsg("out of memory"))); + } } /* -- 2.47.3