The following bug has been logged on the website:
Bug reference: 17847
Logged by: Alexander Lakhin
Email address: exclusion@gmail.com
PostgreSQL version: 15.2
Operating system: Ubuntu 22.04
Description:
When the following query executed with address sanitizers (and
-fsanitize=alignment):
CREATE EXTENSION ltree;
CREATE TABLE lt (t ltree);
INSERT INTO lt SELECT format('%s.%s', i / 10, i % 10)::ltree FROM
generate_series(1, 200) i;
CREATE INDEX ltidx ON lt USING gist (t gist_ltree_ops(siglen=99));
An incorrect memory access is detected:
ltree_gist.c:66:12: runtime error: member access within misaligned address
0x62500019bfd3 for type 'varattrib_4b', which requires 4 byte alignment
That line contains:
memcpy(LTG_RNODE(result, siglen), right, VARSIZE(right));
Here the following macros are used:
#define VARSIZE(PTR)
VARSIZE_4B(PTR)
/* VARSIZE_4B() should only be used on known-aligned data */
#define VARSIZE_4B(PTR) \
((((varattrib_4b *) (PTR))->va_4byte.va_header >> 2) & 0x3FFFFFFF)
#define LTG_RNODE(x, siglen) ( LTG_ISNORIGHT(x) ? LTG_LNODE(x, siglen) :
LTG_RENODE(x, siglen) )
#define LTG_LNODE(x, siglen) ( (ltree*)( ( ((char*)(x))+LTG_HDRSIZE ) + (
LTG_ISALLTRUE(x) ? 0 : (siglen) ) ) )
#define LTG_RENODE(x, siglen) ( (ltree*)( ((char*)LTG_LNODE(x, siglen)) +
VARSIZE(LTG_LNODE(x, siglen))) )
that can be expanded as:
... + VARSIZE( (ltree*)( ( ((char*)(result))+LTG_HDRSIZE ) + (
LTG_ISALLTRUE(result) ? 0 : (siglen) ) ) )
Even though result and LTG_HDRSIZE are aligned, with an arbitrary siglen
value we get a pointer that is not suitable for VARSIZE_4B.
BTW, d952373a9 made the comment in src/include/utils/memutils.h outdated:
* ... See VARSIZE_4B() and related macros in
* postgres.h. ...
