| Header | Value |
|---|---|
| From: | Ranier Vilela <ranier_gyn(at)hotmail(dot)com> |
| To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH] Fix possible underflow in expression (maxoff - 1) |
| Date: | 2019-11-24 17:58:51 |
| Message-ID: | MN2PR18MB2927406C1B4BF182D12BA648E34B0@MN2PR18MB2927.namprd18.prod.outlook.com |
| Lists: | pgsql-hackers |
Hi,

The var OffsetNumber maxoff is like uint16, see include/storage/off.h:

```c
typedef uint16 OffsetNumber;
```

Within the function _bt_afternewitemoff, at line 641, maxoff is used in a dangerous expression, without protection: (maxoff - 1)

The function PageGetMaxOffsetNumber, which initializes maxoff, can return zero. See storage/bufpage.h:
```c
 * PageGetMaxOffsetNumber
 * Returns the maximum offset number used by the given page.
 * Since offset numbers are 1-based, this is also the number
 * of items on the page.
 *
 * NOTE: if the page is not initialized (pd_lower == 0), we must
 * return zero to ensure sane behavior. Accept double evaluation
 * of the argument so that we can ensure this.
```
Surely not the best solution, but it was the best I could think of.

Best regards,
Ranier Vilela
| Attachment | Content-Type | Size |
|---|---|---|
| nbtsplitloc.c.patch | text/x-patch | 556 bytes |
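As an added illustration (not the author's attached patch and not PostgreSQL source): the typedef below mirrors include/storage/off.h, the three function names are hypothetical, and the code shows what (maxoff - 1) yields when maxoff is zero, depending on whether the result stays in int (where C's integer promotion makes it -1) or is stored back into an OffsetNumber (where it wraps to 65535), next to a guarded form that treats a zero maxoff as "no item".

```c
#include <stdint.h>
#include <stdio.h>

/* Mirrors PostgreSQL's include/storage/off.h (uint16 there is uint16_t). */
typedef uint16_t OffsetNumber;
#define InvalidOffsetNumber ((OffsetNumber) 0)
#define FirstOffsetNumber   ((OffsetNumber) 1)

/* Hypothetical helper: the subtraction as C actually evaluates it.
 * OffsetNumber is promoted to int, so maxoff == 0 gives -1, not a wrap. */
int prev_offset_promoted(OffsetNumber maxoff)
{
    return maxoff - 1;
}

/* Hypothetical helper: same expression, but the result is stored back into
 * an OffsetNumber. 0 - 1 cannot be represented in uint16 and wraps to 65535,
 * which is the situation the patch subject calls an underflow. */
OffsetNumber prev_offset_stored(OffsetNumber maxoff)
{
    return (OffsetNumber) (maxoff - 1);
}

/* Hypothetical guarded form: an uninitialized page (maxoff == 0, see the
 * PageGetMaxOffsetNumber comment quoted above) has no predecessor item, so
 * report InvalidOffsetNumber instead of a wrapped value. */
OffsetNumber prev_offset_guarded(OffsetNumber maxoff)
{
    if (maxoff < FirstOffsetNumber)
        return InvalidOffsetNumber;
    return (OffsetNumber) (maxoff - 1);
}

int main(void)
{
    OffsetNumber maxoff = InvalidOffsetNumber;  /* constructed input */

    printf("promoted: %d\n", prev_offset_promoted(maxoff));   /* -1 */
    printf("stored:   %u\n", prev_offset_stored(maxoff));     /* 65535 */
    printf("guarded:  %u\n", prev_offset_guarded(maxoff));    /* 0 */
    return 0;
}
```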