Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Greg Burd <greg(at)burd(dot)me>
Cc: David Rowley <dgrowleyml(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
Date: 2025-08-14 15:52:49
Message-ID: 189026.1755186769@sss.pgh.pa.us
Lists: pgsql-hackers

Greg Burd <greg(at)burd(dot)me> writes:
> Well, that was rushed. Apologies.

I was thinking something more like

/* transform -1 to the highest possible bit we could have set */
if (prevbit == -1)
prevbit = a->nwords * BITS_PER_BITMAPWORD - 1;
else
+ {
+ Assert(prevbit > 0 && prevbit < a->nwords * BITS_PER_BITMAPWORD);
prevbit--;
+ }
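
Review bot: the lower bound in the added Assert, "prevbit > 0", rejects prevbit == 0 even though 0 is a valid bit index. A caller that walks a set downward and has just been handed member 0 would pass 0 on its next call and trip the assertion in an assert-enabled build. If that calling pattern is supported, "prevbit >= 0" looks like the intended bound, and the code after "prevbit--" (not visible in this fragment) should then be checked for how it treats a value of -1. Separately, an Assert is compiled out of production builds, so the upper bound here documents the contract and catches bad callers in testing but does not by itself stop an over-large prevbit from indexing past a->nwords in a release build. If that matters, it needs a runtime check or a comment stating that callers are trusted.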

Admittedly, this doesn't bother to check sanity of prevbit when
a == NULL, but I don't think doing so is useful enough to contort
the logic for it.

regards, tom lane
