potential integer overflow in md.c

From: Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM>
To: pgsql-bugs(at)postgresql(dot)org
Subject: potential integer overflow in md.c
Date: 2007-04-04 16:27:03
Message-ID: 4613D1D7.5060307@sun.com
Lists: pgsql-bugs

I found the following expression in md.c:

seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));

All variables and constants are int (32-bit) and long (also very often
32-bit). In case somebody wants to change RELSEG_SIZE to a value
related to a 4GB and bigger chunk, he can expect data overwriting.

This seek problem is in more places; however, in standard compilation
the chunk size is 1GB and this problem does not appear.

I'm going to fix it.

Zdenek
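
The wraparound described in the message above, as an added example that is not part of the original post or of PostgreSQL's source. It models the quoted expression with fixed-width types; the 8192-byte block size and the 8GB segment size are assumed values chosen for illustration, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t BlockNumber;

/* Product formed in 32 bits, as in the quoted expression: wraps modulo 2^32. */
static int64_t seekpos_narrow(BlockNumber blocknum, uint32_t blcksz, BlockNumber relseg_size)
{
    uint32_t off = (uint32_t) (blcksz * (blocknum % relseg_size));
    return (int64_t) off;
}

/* One operand widened before multiplying: the product is formed in 64 bits. */
static int64_t seekpos_wide(BlockNumber blocknum, uint32_t blcksz, BlockNumber relseg_size)
{
    return (int64_t) blcksz * (int64_t) (blocknum % relseg_size);
}

/* Lowest block in a segment whose narrow offset is wrong, or -1 if none. */
static int64_t first_wrapping_block(uint32_t blcksz, BlockNumber relseg_size)
{
    for (BlockNumber b = 0; b < relseg_size; b++)
        if (seekpos_narrow(b, blcksz, relseg_size) != seekpos_wide(b, blcksz, relseg_size))
            return (int64_t) b;
    return -1;
}

int main(void)
{
    const uint32_t blcksz = 8192;          /* assumed block size in bytes */
    const BlockNumber seg_1gb = 131072;    /* 1GB segment, in blocks */
    const BlockNumber seg_8gb = 1048576;   /* constructed 8GB segment, in blocks */

    printf("1GB segment, first wrong block: %lld\n",
           (long long) first_wrapping_block(blcksz, seg_1gb));
    printf("8GB segment, first wrong block: %lld\n",
           (long long) first_wrapping_block(blcksz, seg_8gb));
    /* Block 524288 lands on offset 0, the same place as block 0. */
    printf("block 524288: narrow=%lld wide=%lld\n",
           (long long) seekpos_narrow(524288, blcksz, seg_8gb),
           (long long) seekpos_wide(524288, blcksz, seg_8gb));
    return 0;
}
```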
