BUG #17280: global-buffer-overflow on select from pg_stat_slru - Mailing list pgsql-bugs
From: PG Bug reporting form
Subject: BUG #17280: global-buffer-overflow on select from pg_stat_slru
Msg-id: 17280-37da556e86032070@postgresql.org
Responses: Re: BUG #17280: global-buffer-overflow on select from pg_stat_slru
List: pgsql-bugs
The following bug has been logged on the website:

Bug reference: 17280
Logged by: Alexander Kozhemyakin
Email address: a.kozhemyakin@postgrespro.ru
PostgreSQL version: 14.0
Operating system: Ubuntu 21.04

Description:

The following simple query:

select * from pg_catalog.pg_stat_slru

leads to the sanitizer-detected error:

==23911==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5582bec7c5e0 at pc 0x5582bbd2c01c bp 0x7fff0b73a470 sp 0x7fff0b73a460
READ of size 64 at 0x5582bec7c5e0 thread T0
    #0 0x5582bbd2c01b in pg_stat_get_slru /home/postgres/postgres/src/backend/utils/adt/pgstatfuncs.c:1914
    #1 0x5582bb405b83 in ExecMakeTableFunctionResult /home/postgres/postgres/src/backend/executor/execSRF.c:234
    #2 0x5582bb45dfd5 in FunctionNext /home/postgres/postgres/src/backend/executor/nodeFunctionscan.c:95
    #3 0x5582bb408a6f in ExecScanFetch /home/postgres/postgres/src/backend/executor/execScan.c:133
    #4 0x5582bb408cba in ExecScan /home/postgres/postgres/src/backend/executor/execScan.c:182
    #5 0x5582bb45db99 in ExecFunctionScan /home/postgres/postgres/src/backend/executor/nodeFunctionscan.c:270
    #6 0x5582bb3fd916 in ExecProcNodeFirst /home/postgres/postgres/src/backend/executor/execProcnode.c:463
    #7 0x5582bb3ddf35 in ExecProcNode ../../../src/include/executor/executor.h:257
    #8 0x5582bb3ddf35 in ExecutePlan /home/postgres/postgres/src/backend/executor/execMain.c:1551
    #9 0x5582bb3de54b in standard_ExecutorRun /home/postgres/postgres/src/backend/executor/execMain.c:361
    #10 0x5582bb3de75a in ExecutorRun /home/postgres/postgres/src/backend/executor/execMain.c:305
    #11 0x5582bbabc326 in PortalRunSelect /home/postgres/postgres/src/backend/tcop/pquery.c:921
    #12 0x5582bbac25e3 in PortalRun /home/postgres/postgres/src/backend/tcop/pquery.c:765
    #13 0x5582bbab6277 in exec_simple_query /home/postgres/postgres/src/backend/tcop/postgres.c:1214
    #14 0x5582bbabb2e1 in PostgresMain /home/postgres/postgres/src/backend/tcop/postgres.c:4497
    #15 0x5582bb86dadd in BackendRun /home/postgres/postgres/src/backend/postmaster/postmaster.c:4584
    #16 0x5582bb876e01 in BackendStartup /home/postgres/postgres/src/backend/postmaster/postmaster.c:4312
    #17 0x5582bb8775a9 in ServerLoop /home/postgres/postgres/src/backend/postmaster/postmaster.c:1801
    #18 0x5582bb879d6f in PostmasterMain /home/postgres/postgres/src/backend/postmaster/postmaster.c:1473
    #19 0x5582bb563465 in main /home/postgres/postgres/src/backend/main/main.c:198
    #20 0x7fac88170564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)
    #21 0x5582baba0ded in _start (/home/postgres/rel_master/bin/postgres+0x1a72ded)

0x5582bec7c5e0 is located 32 bytes to the left of global variable 'walStats' defined in 'pgstat.c:282:24' (0x5582bec7c600) of size 72
0x5582bec7c5e0 is located 0 bytes to the right of global variable 'slruStats' defined in 'pgstat.c:283:25' (0x5582bec7c3e0) of size 512
SUMMARY: AddressSanitizer: global-buffer-overflow /home/postgres/postgres/src/backend/utils/adt/pgstatfuncs.c:1914 in pg_stat_get_slru
Shadow bytes around the buggy address:
  0x0ab0d7d87860: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0ab0d7d87870: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ab0d7d87880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab0d7d87890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab0d7d878a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ab0d7d878b0: 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9 f9
  0x0ab0d7d878c0: 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9
  0x0ab0d7d878d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9
  0x0ab0d7d878e0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab0d7d878f0: 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
  0x0ab0d7d87900: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
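The report above gives the symptom (a 64-byte READ starting 0 bytes past the end of a 512-byte global, i.e. one whole element past an 8-element array) but not the source line. The C below is an added example, not PostgreSQL's code and not the contents of pgstatfuncs.c: it builds the loop shape that produces exactly this kind of ASan report, where an element is copied out of the array before a NULL-terminated name table is consulted to end the loop, next to the check-first version that cannot read past the array. Every name, size and sample value here (NUM_ELEMENTS, StatEntry, entry_name, the seeded counters) is an assumption chosen to mirror the numbers in the trace.

```c
#include <stdio.h>

/* Assumed layout mirroring the report: 8 entries of 64 bytes = 512 bytes,
 * and the reported READ of size 64 is exactly one entry. */
#define NUM_ELEMENTS 8

typedef struct {
    unsigned long long counters[8];   /* 8 * 8 bytes = 64 bytes per entry */
} StatEntry;

/* The global array that the bad read runs past: exactly NUM_ELEMENTS long. */
static StatEntry stats[NUM_ELEMENTS];

/* Name table with a NULL sentinel one slot past the last real entry. */
static const char *const names[NUM_ELEMENTS + 1] = {
    "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", NULL
};

/* Bounds-checked lookup: NULL for any index outside the table. */
static const char *entry_name(int idx)
{
    if (idx < 0 || idx >= NUM_ELEMENTS)
        return NULL;
    return names[idx];
}

/* Constructed sample data: counters[0] of entry i holds i + 1, so the sum
 * of counters[0] over all eight entries is 36. */
void seed_stats(void)
{
    for (int i = 0; i < NUM_ELEMENTS; i++)
        for (int j = 0; j < 8; j++)
            stats[i].counters[j] = (j == 0) ? (unsigned long long)(i + 1) : 0;
}

/* Vulnerable shape: the entry is copied out of the array BEFORE the loop asks
 * whether index i still names a real entry. On the final pass i equals
 * NUM_ELEMENTS, so the copy reads 64 bytes starting 0 bytes past the end of
 * 'stats' (what ASan reports as global-buffer-overflow, READ of size 64), and
 * only afterwards does the NULL name end the loop. */
int walk_copy_then_check(unsigned long long *sum_out)
{
    int n = 0;
    unsigned long long sum = 0;

    for (int i = 0;; i++)
    {
        StatEntry e = stats[i];          /* out-of-bounds read when i == NUM_ELEMENTS */
        const char *name = entry_name(i);

        if (name == NULL)
            break;
        sum += e.counters[0];
        n++;
    }
    *sum_out = sum;
    return n;
}

/* Hardened shape: consult the sentinel first and also bound the loop by the
 * array length, so no iteration can touch stats[NUM_ELEMENTS]. */
int walk_check_then_copy(unsigned long long *sum_out)
{
    int n = 0;
    unsigned long long sum = 0;

    for (int i = 0; i < NUM_ELEMENTS; i++)
    {
        const char *name = entry_name(i);
        if (name == NULL)
            break;

        StatEntry e = stats[i];          /* i < NUM_ELEMENTS is now guaranteed */
        sum += e.counters[0];
        n++;
    }
    *sum_out = sum;
    return n;
}

/* Plain-return wrappers over the hardened walk on the seeded sample data. */
int checked_count(void)
{
    unsigned long long sum;
    seed_stats();
    return walk_check_then_copy(&sum);
}

unsigned long long checked_sum(void)
{
    unsigned long long sum;
    seed_stats();
    walk_check_then_copy(&sum);
    return sum;
}

int main(void)
{
    unsigned long long sum;
    int n;

    seed_stats();
    n = walk_check_then_copy(&sum);
    printf("check-then-copy: %d entries, sum %llu\n", n, sum);

    /* Build with: cc -g -fsanitize=address example.c
     * Without ASan this call usually "works", silently reading whatever global
     * happens to follow 'stats'; with ASan it aborts with a global-buffer-overflow
     * report whose frame #0 is the StatEntry copy in walk_copy_then_check. */
    n = walk_copy_then_check(&sum);
    printf("copy-then-check: %d entries, sum %llu\n", n, sum);
    return 0;
}
```

The "0 bytes to the right of" wording in an ASan report is the tell for this pattern: the access begins exactly at the first byte past the object, which is an off-by-one element index rather than a corrupted pointer. Reading the redzone is not exploitable by itself, but the same loop shape in code that writes through the index would be.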