| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix read beyond buffer bug introduced by the split xlog.c patch. |
| Date: | 2022-02-16 10:02:02 |
| Message-ID: | E1nKH8M-0004Oz-34@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix read beyond buffer bug introduced by the split xlog.c patch.
FinishWalRecovery() copied the valid part of the last WAL block into a
palloc'd buffer, and the code in StartupXLOG() copied it to the WAL
buffer. But the memcpy in StartupXLOG() copied a full 8kB block, not
just the valid part, i.e. it copied from beyond the end of the buffer.
The invalid part was cleared immediately afterwards, so as long as the
memory was allocated and didn't segfault, it didn't do any harm, but
it can definitely segfault.
Discussion: https://www.postgresql.org/message-id/efc12e32-5af2-3485-5b1d-5af9f707491a@iki.fi
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/9ed87a78e0377728588e5c8688202195694581aa
Modified Files
--------------
src/backend/access/transam/xlog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2022-02-16 11:09:49 | Re: pgsql: Move scanint8() to numutils.c |
| Previous Message | Peter Eisentraut | 2022-02-16 09:47:55 | pgsql: Reject trailing junk after numeric literals |