| From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
|---|---|
| To: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | ARRNELEMS Out-of-bounds possible errors |
| Date: | 2022-12-22 15:35:58 |
| Message-ID: | CAEudQAqV78KwACTqN1DGGFZ_n+crst-p3EFQDVE8kc-mtpu_bA@mail.gmail.com |
| Lists: | pgsql-hackers |
Hi.
Per Coverity.
The commit ccff2d2
<https://github.com/postgres/postgres/commit/ccff2d20ed9622815df2a7deffce8a7b14830965>
changed the behavior of the function ArrayGetNItems
with the introduction of the function ArrayGetNItemsSafe.
Now ArrayGetNItems may return -1, according to the comment:
"instead of throwing an exception. -1 is returned after an error."
So the macro ARRNELEMS can fail entirely with a -1 return,
resulting in failures in code that uses it without checking the function return.
Like (contrib/intarray/_int_gist.c):
    {
        int nel;
        nel = ARRNELEMS(ent);
        memcpy(ptr, ARRPTR(ent), nel * sizeof(int32));
    }
Sources possibly affected:
contrib\cube\cube.c
contrib\intarray\_intbig_gist.c
contrib\intarray\_int_bool.c
contrib\intarray\_int_gin.c
contrib\intarray\_int_gist.c
contrib\intarray\_int_op.c
contrib\intarray\_int_tool.c:
Thoughts?
regards,
Ranier Vilela
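
Added example, not part of the original message and not PostgreSQL code: taking the message's premise that the element count can come back as -1, it shows the byte count `memcpy` would receive from `nel * sizeof(int32)` and a copy that rejects such a count. The names `unchecked_copy_len` and `checked_copy` are hypothetical, and `int32_t` stands in for PostgreSQL's `int32`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Byte count produced by the pattern quoted in the message.
 * The int count is converted to size_t before the multiplication,
 * so -1 becomes SIZE_MAX and the product wraps to SIZE_MAX - 3.
 */
size_t unchecked_copy_len(int nel)
{
    return nel * sizeof(int32_t);
}

/*
 * Hypothetical hardened copy: treats a negative count as the error
 * sentinel and refuses counts larger than the destination capacity
 * (dst_cap is in elements). Returns 0 on success, -1 if rejected.
 */
int checked_copy(int32_t *dst, size_t dst_cap, const int32_t *src, int nel)
{
    if (nel < 0)
        return -1;                  /* count function reported an error */
    if ((size_t) nel > dst_cap)
        return -1;                  /* copy would overrun dst */
    if (nel > 0)
        memcpy(dst, src, (size_t) nel * sizeof(int32_t));
    return 0;
}

int main(void)
{
    int32_t src[3] = {7, 8, 9};     /* constructed sample data */
    int32_t dst[3] = {0, 0, 0};

    printf("unchecked length for nel=-1: %zu bytes\n", unchecked_copy_len(-1));
    printf("checked_copy(nel=-1) -> %d\n", checked_copy(dst, 3, src, -1));
    printf("checked_copy(nel=3)  -> %d\n", checked_copy(dst, 3, src, 3));
    return 0;
}
```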