Fix race condition when sharing tuple descriptors.

Parallel query processes that called BlessTupleDesc() for identical
tuple descriptors at the same moment could crash.  There was code to
handle that rare case, but it dereferenced a bogus DSA pointer.  Repair.

Back-patch to 11, where commit cc5f8136 added support for sharing tuple
descriptors in parallel queries.

Reported-by: Eric Thinnes 
Discussion: https://postgr.es/m/99aaa2eb-e194-bf07-c29a-1a76b4f2bcf9%40gmx.de

diff --git a/src/backend/utils/cache/typcache.c b/src/backend/utils/cache/typcache.c
index f51248b70d027998c2023fd768e9acabfb5fbe1e..c848d09d14bbd569275bfac97ef42c7623a9d951 100644 (file)
--- a/src/backend/utils/cache/typcache.c
+++ b/src/backend/utils/cache/typcache.c
@@ -2707,7 +2707,7 @@ find_or_make_matching_shared_tupledesc(TupleDesc tupdesc)
        Assert(record_table_entry->key.shared);
        result = (TupleDesc)
            dsa_get_address(CurrentSession->area,
-                           record_table_entry->key.shared);
+                           record_table_entry->key.u.shared_tupdesc);
        Assert(result->tdrefcount == -1);
 
        return result;