brin: Don't crash on auto-summarization

alvherre · alvherre · commit b4da9d0e1ee4 · 2017-05-30T18:17:09.000-04:00
We were trying to free a pointer into a shared buffer, which never works; and we were failing to release the buffer lock appropriately. Fix those omissions. While at it, improve documentation for brinGetTupleForHeapBlock, the inadequacy of which evidently caused these bugs in the first place. Reported independently by Zhou Digoal (bug #14668) and Alexander Sosna. Discussion: https://postgr.es/m/8c31c11b-6adb-228d-22c2-4ace89fc9209@credativ.de Discussion: https://postgr.es/m/20170524063323.29941.46339@wrigleys.postgresql.org
diff --git a/src/backend/access/brin/brin.c b/src/backend/access/brin/brin.c
@@ -190,7 +190,8 @@ brininsert(Relation idxRel, Datum *values, bool *nulls,
 				AutoVacuumRequestWork(AVW_BRINSummarizeRange,
 									  RelationGetRelid(idxRel),
 									  lastPageRange);
-			brin_free_tuple(lastPageTuple);
+			else
+				LockBuffer(buf, BUFFER_LOCK_UNLOCK);
 		}
 
 		brtup = brinGetTupleForHeapBlock(revmap, heapBlk, &buf, &off,
diff --git a/src/backend/access/brin/brin_revmap.c b/src/backend/access/brin/brin_revmap.c
@@ -179,13 +179,16 @@ brinSetHeapBlockItemptr(Buffer buf, BlockNumber pagesPerRange,
 /*
  * Fetch the BrinTuple for a given heap block.
  *
- * The buffer containing the tuple is locked, and returned in *buf. As an
- * optimization, the caller can pass a pinned buffer *buf on entry, which will
- * avoid a pin-unpin cycle when the next tuple is on the same page as a
- * previous one.
+ * The buffer containing the tuple is locked, and returned in *buf.  The
+ * returned tuple points to the shared buffer and must not be freed; if caller
+ * wants to use it after releasing the buffer lock, it must create its own
+ * palloc'ed copy.  As an optimization, the caller can pass a pinned buffer
+ * *buf on entry, which will avoid a pin-unpin cycle when the next tuple is on
+ * the same page as a previous one.
  *
  * If no tuple is found for the given heap range, returns NULL. In that case,
- * *buf might still be updated, but it's not locked.
+ * *buf might still be updated (and pin must be released by caller), but it's
+ * not locked.
  *
  * The output tuple offset within the buffer is returned in *off, and its size
  * is returned in *size.

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,8 @@ brininsert(Relation idxRel, Datum values, bool nulls,`
`190`	`190`	`AutoVacuumRequestWork(AVW_BRINSummarizeRange,`
`191`	`191`	`RelationGetRelid(idxRel),`
`192`	`192`	`lastPageRange);`
`193`		`- brin_free_tuple(lastPageTuple);`
	`193`	`+ else`
	`194`	`+ LockBuffer(buf, BUFFER_LOCK_UNLOCK);`
`194`	`195`	`}`
`195`	`196`
`196`	`197`	`brtup = brinGetTupleForHeapBlock(revmap, heapBlk, &buf, &off,`