
pgsql: Avoid possibly accessing off the end of memory in examine_attrib

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Avoid possibly accessing off the end of memory in examine_attrib
Date: 2011-09-06 18:38:37
Message-ID: E1R10Xd-0000Sh-Og@gemulon.postgresql.org
Lists: pgsql-committers
Avoid possibly accessing off the end of memory in examine_attribute().

Since the last couple of columns of pg_type are often NULL,
sizeof(FormData_pg_type) can be an overestimate of the actual size of the
tuple data part.  Therefore memcpy'ing that much out of the catalog cache,
as analyze.c was doing, poses a small risk of copying past the end of
memory and incurring SIGSEGV.  No such crash has been identified in the
field, but we've certainly seen the equivalent happen in other code paths,
so patch this one all the way back.

Per valgrind testing by Noah Misch, though this is not his proposed patch.
I chose to use SearchSysCacheCopy1 rather than inventing special-purpose
infrastructure for copying only the minimal part of a pg_type tuple.

Branch
------
REL8_2_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/80360976e6d55f532d6c404bedcf06d5b10d7801

Modified Files
--------------
src/backend/commands/analyze.c |   12 +++++-------
1 files changed, 5 insertions(+), 7 deletions(-)
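The hazard the commit describes is easy to reproduce in miniature: a catalog row struct whose trailing columns are nullable is larger than the bytes actually stored for a tuple in which those columns are NULL, so a bulk memcpy of sizeof(struct) reads past the allocation. The following C program is an added illustration written for this page, not code from PostgreSQL or from the commit; FormData_demo_type, DemoTuple and the function names are invented stand-ins, and the tuple layout is simplified (a length field plus data, no heap tuple header or null bitmap). It computes how far the naive copy would overrun rather than performing it, and shows the two safe patterns: copy the whole tuple sized by its own length (the analogue of SearchSysCacheCopy1) and read fields through a pointer, or copy only the fixed-width prefix after checking the tuple actually contains it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical catalog row type (not pg_type): fixed-width leading columns
 * followed by nullable trailing columns. */
typedef struct FormData_demo_type {
    uint32_t typid;             /* always present */
    int16_t  typlen;            /* always present */
    bool     typbyval;          /* always present */
    char     typalign;          /* always present */
    char     typdefault[64];    /* nullable: omitted from tuple data when NULL */
    char     typdefaultbin[64]; /* nullable: omitted from tuple data when NULL */
} FormData_demo_type;

/* Number of bytes covering only the non-nullable leading columns. */
#define DEMO_FIXED_SIZE offsetof(FormData_demo_type, typdefault)

/* Simplified tuple: a length plus exactly t_len bytes of data. */
typedef struct DemoTuple {
    size_t        t_len;    /* valid bytes in t_data; the allocation ends there */
    unsigned char t_data[]; /* flexible array member */
} DemoTuple;

/* Build a tuple whose trailing nullable columns are NULL, so its data part is
 * shorter than sizeof(FormData_demo_type). Constructed sample input. */
DemoTuple *make_tuple_with_trailing_nulls(uint32_t typid, int16_t typlen,
                                          bool typbyval, char typalign)
{
    DemoTuple *tup = malloc(sizeof(DemoTuple) + DEMO_FIXED_SIZE);
    if (tup == NULL)
        return NULL;
    FormData_demo_type tmp;
    memset(&tmp, 0, sizeof tmp);
    tmp.typid = typid;
    tmp.typlen = typlen;
    tmp.typbyval = typbyval;
    tmp.typalign = typalign;
    tup->t_len = DEMO_FIXED_SIZE;
    memcpy(tup->t_data, &tmp, DEMO_FIXED_SIZE); /* only the stored bytes */
    return tup;
}

/* How many bytes memcpy(&form, tup->t_data, sizeof(FormData_demo_type)) would
 * read beyond the allocation. Computed, not performed: performing it is the bug. */
size_t naive_memcpy_overrun(const DemoTuple *tup)
{
    if (sizeof(FormData_demo_type) <= tup->t_len)
        return 0;
    return sizeof(FormData_demo_type) - tup->t_len;
}

/* Analogue of copying the cached tuple: the copy is sized by t_len, never by
 * sizeof(struct), so no read can exceed what the tuple actually holds. */
DemoTuple *copy_tuple(const DemoTuple *src)
{
    DemoTuple *dst = malloc(sizeof(DemoTuple) + src->t_len);
    if (dst == NULL)
        return NULL;
    dst->t_len = src->t_len;
    memcpy(dst->t_data, src->t_data, src->t_len);
    return dst;
}

/* Field access through a pointer into the tuple data, as code does after
 * obtaining a tuple copy: only the bytes of the requested field are read,
 * and those lie within t_len. Returns false if the field is not stored. */
bool tuple_typlen(const DemoTuple *tup, int16_t *out)
{
    if (tup->t_len < offsetof(FormData_demo_type, typlen) + sizeof(int16_t))
        return false;
    const FormData_demo_type *form = (const FormData_demo_type *) tup->t_data;
    *out = form->typlen;
    return true;
}

/* Bounded bulk copy: take only the fixed-width prefix, after checking the
 * tuple contains at least that much. */
bool read_fixed_columns(const DemoTuple *tup, FormData_demo_type *out)
{
    if (tup == NULL || tup->t_len < DEMO_FIXED_SIZE)
        return false;
    memset(out, 0, sizeof *out);          /* nullable columns read as zero */
    memcpy(out, tup->t_data, DEMO_FIXED_SIZE);
    return true;
}

int main(void)
{
    DemoTuple *tup = make_tuple_with_trailing_nulls(23, 4, true, 'i');
    if (tup == NULL)
        return 1;
    printf("tuple data: %zu bytes, struct: %zu bytes, naive overrun: %zu bytes\n",
           tup->t_len, sizeof(FormData_demo_type), naive_memcpy_overrun(tup));
    FormData_demo_type form;
    if (read_fixed_columns(tup, &form))
        printf("typid=%u typlen=%d typbyval=%d typalign=%c\n",
               form.typid, form.typlen, form.typbyval, form.typalign);
    free(tup);
    return 0;
}
```

Under valgrind, replacing the bounded copy with a memcpy of sizeof(FormData_demo_type) is reported as an invalid read of the computed overrun size; whether it actually faults depends on what follows the allocation, which is why the commit treats the absence of field crashes as no evidence of safety.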


Copyright © 1996-2014 The PostgreSQL Global Development Group