Fix rare core dump in BackendIdGetTransactionIds().

tglsfdc · tglsfdc · commit 701dcc983eb4 · 2015-03-30T13:05:27.000-04:00
BackendIdGetTransactionIds() neglected the possibility that the PROC
pointer in a ProcState array entry is null.  In current usage, this could
only crash if the other backend had exited since pgstat_read_current_status
saw it as active, which is a pretty narrow window.  But it's reachable in
the field, per bug #12918 from Vladimir Borodin.

Back-patch to 9.4 where the faulty code was introduced.
diff --git a/src/backend/storage/ipc/sinvaladt.c b/src/backend/storage/ipc/sinvaladt.c
@@ -403,9 +403,7 @@ BackendIdGetProc(int backendID)
 void
 BackendIdGetTransactionIds(int backendID, TransactionId *xid, TransactionId *xmin)
 {
-	ProcState  *stateP;
 	SISeg	   *segP = shmInvalBuffer;
-	PGXACT	   *xact;
 
 	*xid = InvalidTransactionId;
 	*xmin = InvalidTransactionId;
@@ -415,11 +413,16 @@ BackendIdGetTransactionIds(int backendID, TransactionId *xid, TransactionId *xmi
 
 	if (backendID > 0 && backendID <= segP->lastBackend)
 	{
-		stateP = &segP->procState[backendID - 1];
-		xact = &ProcGlobal->allPgXact[stateP->proc->pgprocno];
+		ProcState  *stateP = &segP->procState[backendID - 1];
+		PGPROC	   *proc = stateP->proc;
 
-		*xid = xact->xid;
-		*xmin = xact->xmin;
+		if (proc != NULL)
+		{
+			PGXACT	   *xact = &ProcGlobal->allPgXact[proc->pgprocno];
+
+			*xid = xact->xid;
+			*xmin = xact->xmin;
+		}
 	}
 
 	LWLockRelease(SInvalWriteLock);
