| From: | Ranier Vilela <ranier_gyn(at)hotmail(dot)com> |
|---|---|
| To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [PATCH] Fix possible underflow in expression (maxoff - 1) |
| Date: | 2019-11-24 17:58:51 |
| Message-ID: | MN2PR18MB2927406C1B4BF182D12BA648E34B0@MN2PR18MB2927.namprd18.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
The var OffsetNumber maxoff it's like uint16, see at include/storage/off.h
typedef uint16 OffsetNumber;
Within the function _bt_afternewitemoff, at line 641, maxoff is used in an dangerous expression,
without protection.: (maxoff - 1)
The function: PageGetMaxOffsetNumber that initializes maxoff, can return zero.
See at storage/bufpage.h
* PageGetMaxOffsetNumber
* Returns the maximum offset number used by the given page.
* Since offset numbers are 1-based, this is also the number
* of items on the page.
*
* NOTE: if the page is not initialized (pd_lower == 0), we must
* return zero to ensure sane behavior. Accept double evaluation
* of the argument so that we can ensure this.
Surely not the best solution, but it was the best I could think of.
best regards.
Ranier Vilela
| Attachment | Content-Type | Size |
|---|---|---|
| nbtsplitloc.c.patch | text/x-patch | 556 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ranier Vilela | 2019-11-24 18:06:33 | RE: [PATCH] Possible arithmetic with NULL pointer or test "stack_base_ptr != NULL" is irrelevant. |
| Previous Message | Ranier Vilela | 2019-11-24 17:33:19 | RE: [PATCH] Style, remove redudant test "if (zeropadlen > 0)" |