| From: | David Rowley <drowley(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Don't reference out-of-bounds array elements in brin_minmax_mult |
| Date: | 2022-09-12 23:05:40 |
| Message-ID: | E1oXsUl-0004dK-Ls@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Don't reference out-of-bounds array elements in brin_minmax_multi.c
The primary fix here is to fix has_matching_range() so it does not
reference ranges->values[-1] when nranges == 0. Similar problems existed
in AssertCheckRanges() too. It does not look like any of these problems
could lead to a crash as the array in question is at the end of the Ranges
struct, and values[-1] is memory that belongs to other fields in the
struct. However, let's get rid of these rather unsafe coding practices.
In passing, I (David) adjusted some comments to try to make it more clear
what some of the fields are for in the Ranges struct. I had to study the
code to find out what nsorted was for as I couldn't tell from the
comments.
Author: Ranier Vilela
Discussion: https://postgr.es/m/CAEudQAqJQzPitufX-jR=YUbJafpCDAKUnwgdbX_MzSc93wuvdw@mail.gmail.com
Backpatch-through: 14, where multi-range brin was added.
Branch
------
REL_14_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/c2aa5d01e3e33776f77e68a60ca5b60b58c5c674
Modified Files
--------------
src/backend/access/brin/brin_minmax_multi.c | 172 ++++++++++++++--------------
1 file changed, 88 insertions(+), 84 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2022-09-13 01:39:59 | pgsql: Move any remaining files generated by pg_upgrade into an interna |
| Previous Message | David Rowley | 2022-09-12 23:05:02 | pgsql: Don't reference out-of-bounds array elements in brin_minmax_mult |