Fix use of dangling pointer in heap_delete() when logging replica identity

When logging the replica identity of a deleted tuple, XLOG_HEAP_DELETE
records include references of the old tuple.  Its data is stored in an
intermediate variable used to register this information for the WAL
record, but this variable gets away from the stack when the record gets
actually inserted.

Spotted by clang's AddressSanitizer.

Author: Stas Kelvish
Discussion: https://postgr.es/m/085C8825-AD86-4E93-AF80-E26CDF03D1EA@postgrespro.ru
Backpatch-through: 9.4

diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c
index 4406a69ef266c03fa7d5ea9e6d8482a60a6634a6..dc3499349b67f1ed9c27335507d0f04ba7c89eb2 100644 (file)
--- a/src/backend/access/heap/heapam.c
+++ b/src/backend/access/heap/heapam.c
@@ -3039,6 +3039,7 @@ l1:
    if (RelationNeedsWAL(relation))
    {
        xl_heap_delete xlrec;
+       xl_heap_header xlhdr;
        XLogRecPtr  recptr;
 
        /* For logical decode we need combocids to properly decode the catalog */
@@ -3073,8 +3074,6 @@ l1:
         */
        if (old_key_tuple != NULL)
        {
-           xl_heap_header xlhdr;
-
            xlhdr.t_infomask2 = old_key_tuple->t_data->t_infomask2;
            xlhdr.t_infomask = old_key_tuple->t_data->t_infomask;
            xlhdr.t_hoff = old_key_tuple->t_data->t_hoff;