From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
---|---|
To: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | ARRNELEMS Out-of-bounds possible errors |
Date: | 2022-12-22 15:35:58 |
Message-ID: | CAEudQAqV78KwACTqN1DGGFZ_n+crst-p3EFQDVE8kc-mtpu_bA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi.
Per Coverity.
The commit ccff2d2
<https://github.com/postgres/postgres/commit/ccff2d20ed9622815df2a7deffce8a7b14830965>,
changed the behavior function ArrayGetNItems,
with the introduction of the function ArrayGetNItemsSafe.
Now ArrayGetNItems may return -1, according to the comment.
" instead of throwing an exception. -1 is returned after an error."
So the macro ARRNELEMS can fail entirely with -1 return,
resulting in codes failing to use without checking the function return.
Like (contrib/intarray/_int_gist.c):
{
int nel;
nel = ARRNELEMS(ent);
memcpy(ptr, ARRPTR(ent), nel * sizeof(int32));
}
Sources possibly affecteds:
contrib\cube\cube.c
contrib\intarray\_intbig_gist.c
contrib\intarray\_int_bool.c
contrib\intarray\_int_gin.c
contrib\intarray\_int_gist.c
contrib\intarray\_int_op.c
contrib\intarray\_int_tool.c:
Thoughts?
regards,
Ranier Vilela
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2022-12-22 16:05:36 | Re: Optimization issue of branching UNION ALL |
Previous Message | Masahiko Sawada | 2022-12-22 14:59:22 | Re: [PoC] Improve dead tuple storage for lazy vacuum |