public inbox for [email protected]
help / color / mirror / Atom feedFrom: Anthonin Bonnefoy <[email protected]>
To: PostgreSQL Hackers <[email protected]>
Subject: Fix uninitialized xl_running_xacts padding
Date: Fri, 13 Feb 2026 10:39:14 +0100
Message-ID: <CAO6_Xqoxp7C+y0L==xZXH5V=9PjpBx4T9vJYs87EbxFp_9nwOA@mail.gmail.com> (raw)
Hi,
While looking at the generated WAL, I've found out that RUNNING_XACTS
records contain data from uninitialized padding bytes. This can be
seen by generating a simple WAL with "SELECT pg_switch_wal();
CHECKPOINT;"
Finding the position of the running_xacts record with pg_waldump:
rmgr: Standby len (rec/tot): 54/ 54, tx: 0, lsn:
0/02D001D0, prev 0/02D00198, desc: RUNNING_XACTS nextXid 803
latestCompletedXid 801 oldestRunningXid 802; 1 xacts: 802
And getting the content of the running xacts record, skipping the 24
bytes of record header:
hexdump -C -s $((0x1d0 + 24)) -n 30 00000001000000000000002D
Which yields the following:
ff 1c 01 00 00 00 00 00 00 00 00 ca ce 9b 23 03
00 00 22 03 00 00 21 03 00 00 22 03 00 00
Looking at the xl_running_xacts, structure, we have the following:
id: ff
length: 1c
xcnt: 01 00 00 00
subxcnt: 00 00 00 00
subxid_overflow: 00
padding: ca ce 9b
nextXid: 00 00 22 03
...
The 3 bytes of padding after subxid_overflow were left uninitialized,
leading to the random 'ca ce 9b' data being written in the WAL. The
attached patch fixes the issue by zeroing the xl_running_xacts
structure in LogCurrentRunningXacts using MemSet.
Regards,
Anthonin Bonnefoy
Attachments:
[application/octet-stream] v1-0001-Zero-pad-bytes-of-xl_running_xacts.patch (1.0K, 2-v1-0001-Zero-pad-bytes-of-xl_running_xacts.patch)
download | inline diff:
From 555b1ddf4daa983a539a1ef0461bffe15f8d5711 Mon Sep 17 00:00:00 2001
From: Anthonin Bonnefoy <[email protected]>
Date: Fri, 13 Feb 2026 09:22:45 +0100
Subject: Zero pad bytes of xl_running_xacts
xl_running_xacts has 3 padding bytes after subxid_overflow which are
currently uninitialized. When the struct is written, those uninitialized
bytes are also written in the WAL.
This patch ensures those pad bytes are zeroed.
---
src/backend/storage/ipc/standby.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/backend/storage/ipc/standby.c b/src/backend/storage/ipc/standby.c
index 7fa8d9247e0..4db944c3a16 100644
--- a/src/backend/storage/ipc/standby.c
+++ b/src/backend/storage/ipc/standby.c
@@ -1355,6 +1355,7 @@ LogCurrentRunningXacts(RunningTransactions CurrRunningXacts)
xl_running_xacts xlrec;
XLogRecPtr recptr;
+ MemSet(&xlrec, 0, sizeof(xl_running_xacts));
xlrec.xcnt = CurrRunningXacts->xcnt;
xlrec.subxcnt = CurrRunningXacts->subxcnt;
xlrec.subxid_overflow = (CurrRunningXacts->subxid_status != SUBXIDS_IN_ARRAY);
--
2.52.0
view thread (2+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: Fix uninitialized xl_running_xacts padding
In-Reply-To: <CAO6_Xqoxp7C+y0L==xZXH5V=9PjpBx4T9vJYs87EbxFp_9nwOA@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox