Re: BUG #17928: Standby fails to decode WAL on termination of primary
Thomas Munro <thomas.munro@gmail.com>
From: Thomas Munro <thomas.munro@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Alexander Lakhin <exclusion@gmail.com>, Sergei Kornilov <sk@zsrv.org>,
Noah Misch <noah@leadboat.com>, Tom Lane <tgl@sss.pgh.pa.us>, Kyotaro Horiguchi <horikyota.ntt@gmail.com>, pgsql-bugs@lists.postgresql.org, Fujii Masao <masao.fujii@oss.nttdata.com>
Date: 2023-09-22T03:11:54Z
Lists: pgsql-bugs
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Correct assertion and comments about XLogRecordMaxSize.
- e1f95ec8cf6e 17.0 landed
-
Fix edge-case for xl_tot_len broken by bae868ca.
- bde2f1847f51 12.17 landed
- 45d1fe8b53d4 13.13 landed
- 3d413c5a76fa 14.10 landed
- 99d334a187ae 15.5 landed
- 10d0591ea227 16.1 landed
- becfbdd6c1c9 17.0 landed
-
Don't use Perl pack('Q') in 039_end_of_wal.pl.
- 82314dbfca7f 12.17 landed
- 07896f468f23 13.13 landed
- afa504ba2f5d 14.10 landed
- 21b4c3ca0b22 15.5 landed
- cc58607b019a 16.1 landed
- 91b0e85aa0ad 17.0 landed
-
Don't trust unvalidated xl_tot_len.
- e8f3c0687116 12.17 landed
- 6606c57162cb 13.13 landed
- 3ce3b53d76a3 14.10 landed
- f4d152edd8f3 15.5 landed
- ce497f648e2d 16.1 landed
- bae868caf222 17.0 landed
-
Make recovery report error message when invalid page header is found.
- 7b03d3a3ba45 12.17 landed
- 5dc093eacef1 13.13 landed
- 2f13e8d9ec28 14.10 landed
-
Add more protections in WAL record APIs against overflows
- 8fcb32db98ed 16.0 cited
A thought: commit 8fcb32db prevented us from logging messages that are too big to be decoded, but it wasn't back-patched. I think that means that in older branches, there is a behaviour change unrelated to the "garbage bytes" problem discussed in this thread, and separate also from the out-of-memory problem. If someone generates a record too big to decode, say with pg_logical_emit_message(), we will fail differently. Before this patch set, we'd bogusly detect end-of-WAL, and after this patch we'd fail to palloc and recovery would bogusly fail. Which outcome is more bogus is hard to answer, and clearly we should prevent it upstream, but didn't for technical reasons. Do you agree that that is a separate topic that doesn't prevent us from committing this fix?