Out-of-bounds access (ARRAY_VS_SINGLETON) (src/backend/access/nbtree/nbtdedup.c)

From: Ranier Vilela <ranier(dot)vf(at)gmail(dot)com>
To: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Out-of-bounds access (ARRAY_VS_SINGLETON) (src/backend/access/nbtree/nbtdedup.c)
Date: 2020-08-25 17:13:42
Message-ID: CAEudQApgDeBDdA0BOtU89KMTZ+eDCqVTuPB=ohG0yMLE6NniAw@mail.gmail.com
Lists: pgsql-hackers

Hi,

Per Coverity.

ARRAY vs SINGLETON

If the variable htids is accessed like an array but is a simple pointer, it can be
"This might corrupt or misinterpret adjacent memory locations."

at line 723:
/* Form standard non-pivot tuple */
itup->t_info &= ~INDEX_ALT_TID_MASK;
htids = &itup->t_tid;

1. Here htids is a SINGLETON?

So:

At line 723:
htids[ui++] = *BTreeTupleGetPostingN(origtuple, i);

2. htids is accessed as an ARRAY?

And is accessed at positions 0 and 1, according to (nhtids == 1):
Assert(ui == nhtids);

htids[1] is destroying something at this memory position.

regards,
Ranier Vilela
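The pattern the report is about, as an added illustration rather than PostgreSQL's own code: a pointer to a single struct field (a stand-in for &itup->t_tid) is indexed like an array, and the only thing keeping the write inside the singleton is the caller-supplied count. The Tuple, Tid and MAX_POSTING names below are constructed simplifications, and the explicit capacity check is the kind of guard that makes the bound visible to a static analyzer as well as to the reader.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified stand-in for the nbtree tuple layout: a header
 * with one inline TID (t_tid) followed by storage for a posting list.
 * These are not the PostgreSQL definitions. */
typedef struct { uint16_t blk; uint16_t off; } Tid;   /* like ItemPointerData */

#define MAX_POSTING 8

typedef struct {
    uint32_t t_info;
    Tid      t_tid;                 /* the singleton the analyzer flags */
    Tid      posting[MAX_POSTING];  /* posting-list storage for nhtids > 1 */
} Tuple;

/* Copies nhtids TIDs from src into the tuple. For nhtids == 1 the
 * destination is the singleton &itup->t_tid, so only index 0 may be
 * written; for nhtids > 1 the posting-list array is used. Returns the
 * number of TIDs written, or -1 if the request exceeds the destination's
 * capacity, i.e. the bound that an ARRAY_VS_SINGLETON check cannot infer
 * from the pointer alone. */
int form_tuple(Tuple *itup, const Tid *src, int nhtids)
{
    Tid *htids;
    size_t capacity;
    int ui = 0;

    if (nhtids == 1) {
        htids = &itup->t_tid;   /* singleton accessed through an index */
        capacity = 1;
    } else {
        htids = itup->posting;
        capacity = MAX_POSTING;
    }
    if (nhtids < 1 || (size_t) nhtids > capacity)
        return -1;              /* refuse rather than write past the field */

    for (int i = 0; i < nhtids; i++)
        htids[ui++] = src[i];   /* only htids[0] is reached when nhtids == 1 */
    assert(ui == nhtids);
    return ui;
}
```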
