| From: | Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | Re: Plug-in coverage hole for pglz_decompress() |
| Date: | 2026-05-11 06:57:43 |
| Message-ID: | CAJTYsWXdokwek2CKfzYT9BjrDobhikoUbgq0tHz8mhpSmap-NA@mail.gmail.com |
| Lists: | pgsql-hackers |
Hi,

On Mon, 11 May 2026 at 12:06, Michael Paquier <michael(at)paquier(dot)xyz> wrote:
> Hi all,
> (Andrew in CC, in case.)
>
> While doing a post-commit review of 67d318e70402, I have noticed the
> following coverage hole in pglz_decompress(), where a failure of this
> check is not covered, see also [1]:
>     if (unlikely(off == 0 ||
>                  off > (dp - (unsigned char *) dest)))
>         return -1;
>
> This can be triggered easily with the two following sequences in the
> regression tests:
>     SELECT test_pglz_decompress('\x011001'::bytea, 1024, true);
>     SELECT test_pglz_decompress('\x010300'::bytea, 1024, true);
>
> It's unfortunately too late for this round of minor releases, but I'd
> like to fix this hole once the next minor versions are tagged, down to
> v14. If there are any objections or comments, feel free. Mea culpa.
>
>
I looked at this on my current master. The patch applies cleanly and
compression_pglz passes for me.

The two added inputs seem to cover the intended cases: one produces an
offset larger than the amount of output already written, and the other
produces offset zero, so both exercise the corrupt-input guard in
pglz_decompress().

Patch looks good to me.

Regards,
Ayush
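
How the two test inputs reach the guard, as an added example that is not part of the original message and is not PostgreSQL's source. It assumes the pglz stream layout of a control byte followed by literals or two-byte tags (4-bit length, 12-bit offset); `toy_decompress` and the array names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* The two inputs from the thread, plus one constructed valid stream. */
static const unsigned char in_off_too_big[] = {0x01, 0x10, 0x01};
static const unsigned char in_off_zero[] = {0x01, 0x03, 0x00};
static const unsigned char in_valid[] = {0x02, 'a', 0x00, 0x01}; /* 'a', tag len=3 off=1 */

/* Simplified model, not PostgreSQL's source. Returns bytes written or -1. */
static int toy_decompress(const unsigned char *src, size_t slen,
                          unsigned char *dest, size_t rawsize)
{
    const unsigned char *sp = src, *srcend = src + slen;
    unsigned char *dp = dest, *destend = dest + rawsize;
    while (sp < srcend && dp < destend) {
        unsigned char ctrl = *sp++;            /* 8 flag bits, LSB first */
        for (int i = 0; i < 8 && sp < srcend && dp < destend; i++, ctrl >>= 1) {
            if (!(ctrl & 1)) {                 /* flag 0: literal byte */
                *dp++ = *sp++;
                continue;
            }
            if (srcend - sp < 2)               /* truncated tag */
                return -1;
            int len = (sp[0] & 0x0f) + 3;      /* \x10 -> 3, \x03 -> 6 */
            int off = ((sp[0] & 0xf0) << 4) | sp[1]; /* \x1001 -> 257, \x0300 -> 0 */
            sp += 2;
            if (len == 18) {                   /* extended length byte follows */
                if (sp >= srcend)
                    return -1;
                len += *sp++;
            }
            /* Guard from the thread: the back-reference must land in written output. */
            if (off == 0 || off > (dp - dest))
                return -1;
            if (len > destend - dp)
                len = (int) (destend - dp);
            for (; len > 0; len--, dp++)       /* byte-wise: ranges may overlap */
                *dp = dp[-off];
        }
    }
    return (int) (dp - dest);
}

int main(void)
{
    unsigned char out[1024];
    printf("off 257, 0 bytes written: %d\n", toy_decompress(in_off_too_big, 3, out, sizeof out));
    printf("off 0: %d\n", toy_decompress(in_off_zero, 3, out, sizeof out));
    printf("valid stream: %d\n", toy_decompress(in_valid, 4, out, sizeof out));
}
```

Without the guard, `dp[-off]` in the copy loop would read before the start of `dest` in the first case and copy uninitialized destination bytes onto themselves in the second.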