| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Postgres hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | Plug-in coverage hole for pglz_decompress() |
| Date: | 2026-05-11 06:35:50 |
| Message-ID: | agF4xkIdRcrCIprs@paquier.xyz |
| Lists: | pgsql-hackers |
Hi all,
(Andrew in CC, in case.)
While doing a post-commit review of 67d318e70402, I have noticed the
following coverage hole in pglz_decompress(), where a failure of this
check is not covered, see also [1]:
    if (unlikely(off == 0 ||
                 off > (dp - (unsigned char *) dest)))
        return -1;
This can be triggered easily with the two following sequences in the
regression tests:
    SELECT test_pglz_decompress('\x011001'::bytea, 1024, true);
    SELECT test_pglz_decompress('\x010300'::bytea, 1024, true);
It's unfortunately too late for this round of minor releases, but I'd
like to fix this hole once the next minor versions are tagged, down to
v14. If there are any objections or comments, feel free. Mea culpa.
Thanks,
[1]: https://coverage.postgresql.org/src/common/pg_lzcompress.c.gcov.html
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Add-more-tests-for-corrupted-data-in-pglz_decompress.patch | text/plain | 2.8 KB |
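
Why the two inputs in the message fail, shown as an added C sketch that is not PostgreSQL's code and not part of the original message: read as a pglz match tag, `10 01` gives offset 257 with nothing written yet, and `03 00` gives offset 0. The names `toy_pglz_decompress` and `decode_sample` are hypothetical, the tag layout (control byte, then 2-byte tags holding a 4-bit length and a 12-bit offset) is assumed from the pglz format in src/common/pg_lzcompress.c, and the 1024 in the SQL calls is assumed to be the raw size.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified pglz-style decoder: returns bytes written, or -1 on corrupt input. */
int toy_pglz_decompress(const unsigned char *src, size_t slen,
                        unsigned char *dest, size_t rawsize)
{
    const unsigned char *sp = src, *srcend = src + slen;
    unsigned char *dp = dest, *destend = dest + rawsize;
    while (sp < srcend && dp < destend) {
        unsigned char ctrl = *sp++;          /* 8 item flags, lowest bit first */
        for (int bit = 0; bit < 8 && sp < srcend && dp < destend; bit++, ctrl >>= 1) {
            if (!(ctrl & 1)) { *dp++ = *sp++; continue; }  /* flag clear: literal byte */
            if (srcend - sp < 2)             /* flag set: 2-byte match tag */
                return -1;
            size_t len = (sp[0] & 0x0f) + 3;
            size_t off = ((size_t) (sp[0] & 0xf0) << 4) | sp[1];
            sp += 2;
            if (len == 18) {                 /* extended length byte follows */
                if (sp >= srcend)
                    return -1;
                len += *sp++;
            }
            /* The check from the message: a match may only point at bytes already written. */
            if (off == 0 || off > (size_t) (dp - dest))
                return -1;
            for (; len > 0 && dp < destend; len--, dp++)
                *dp = *(dp - off);           /* byte-wise, so overlapping matches repeat */
        }
    }
    return (int) (dp - dest);
}

/* Decode into a 1024-byte buffer (the 1024 in the SQL calls, assumed raw size). */
int decode_sample(const unsigned char *src, size_t slen)
{
    unsigned char out[1024];
    return toy_pglz_decompress(src, slen, out, sizeof(out));
}

int main(void)
{
    const unsigned char too_far[] = {0x01, 0x10, 0x01};    /* off = 257, 0 bytes written */
    const unsigned char zero_off[] = {0x01, 0x03, 0x00};   /* off = 0 */
    const unsigned char valid[] = {0x02, 'a', 0x00, 0x01}; /* constructed: off = 1, len = 3 */
    printf("%d %d %d\n", decode_sample(too_far, 3), decode_sample(zero_off, 3),
           decode_sample(valid, 4));
    return 0;
}
```

Without the offset check, the copy loop would read from before the start of `dest` for both corrupted inputs.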