[PATCH] bms_prev_member() can read beyond the end of the array of allocated words - Mailing list pgsql-hackers

From Greg Burd
Subject [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
Date
Msg-id 2000A717-1FFE-4031-827B-9330FB2E9065@getmailspring.com
Responses Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
List pgsql-hackers
Hello,

I've been working on Bitmapset and while creating a test suite for it I
found that there is a missing bounds check in bms_prev_member(). The
function takes the prevbit argument and converts it to an index into the
words array using WORDNUM() without checking to ensure that prevbit is
within the bounds of the possible values (e.g. nwords *
BITS_PER_BITMAPWORD) in the set. This means that $subject, resulting in
a confusing return value when the expected value should be the highest
bit set.

The patch attached adds a bounds check preventing this.

-greg
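
An added illustration of the kind of bounds check the message describes; it is not part of the original email, not the attached patch, and not PostgreSQL's code. `ToySet`, `toy_prev_member`, `start_word_unchecked`, the 64-bit word size and the policy of clamping an out-of-range `prevbit` to the last allocated bit are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define BITS_PER_WORD 64
#define WORDNUM(x) ((x) / BITS_PER_WORD)
#define BITNUM(x)  ((x) % BITS_PER_WORD)

/* Simplified stand-in for a bitmap set (hypothetical, not PostgreSQL's struct). */
typedef struct { int nwords; uint64_t words[2]; } ToySet;

/* Constructed sample: members 3, 10 and 70 in two allocated words. */
static const ToySet sample = { 2, { (1ULL << 3) | (1ULL << 10), 1ULL << 6 } };

/* Word index a scan would start from if prevbit were used without a check. */
static int start_word_unchecked(int prevbit)
{
    return WORDNUM(prevbit - 1);
}

/* Position of the highest set bit in a non-zero word. */
static int leftmost_one(uint64_t w)
{
    int pos = 0;
    while (w >>= 1)
        pos++;
    return pos;
}

/* Largest member below prevbit, or -2 if none; prevbit == -1 scans from the top. */
static int toy_prev_member(const ToySet *a, int prevbit)
{
    /* Assumed policy: empty sets and other negative values yield "no member". */
    if (a == NULL || a->nwords <= 0 || prevbit == 0 || prevbit < -1)
        return -2;
    int last_bit = a->nwords * BITS_PER_WORD - 1;
    /* Bounds check (assumed policy): clamp to the last allocated bit. */
    if (prevbit == -1 || prevbit > last_bit)
        prevbit = last_bit;
    else
        prevbit--;
    uint64_t mask = ~(uint64_t) 0 >> (BITS_PER_WORD - (BITNUM(prevbit) + 1));
    for (int wordnum = WORDNUM(prevbit); wordnum >= 0; wordnum--)
    {
        uint64_t w = a->words[wordnum] & mask;
        if (w != 0)
            return wordnum * BITS_PER_WORD + leftmost_one(w);
        mask = ~(uint64_t) 0;   /* lower words: consider every bit */
    }
    return -2;
}
```

`start_word_unchecked` only computes the starting index and never dereferences it, so the out-of-range case can be observed without performing the invalid read.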