Re: doPickSplit stack buffer overflow in XLogInsert? - Mailing list pgsql-hackers

From Andres Freund
Subject Re: doPickSplit stack buffer overflow in XLogInsert?
Date
Msg-id 20131126221949.GJ23284@alap2.anarazel.de
In response to doPickSplit stack buffer overflow in XLogInsert?  (Kevin Grittner <kgrittn@ymail.com>)
Responses Re: doPickSplit stack buffer overflow in XLogInsert?
List pgsql-hackers
On 2013-11-26 14:14:38 -0800, Kevin Grittner wrote:
> I happened to build in a shell that was still set up for the clang
> address sanitizer, and got the attached report.  On a rerun it was
> repeatable.  XLogInsert() seems to read past the end of a variable
> allocated on the stack in doPickSplit(). I haven't tried to analyze
> it past that, since this part of the code is unfamiliar to me.

Yea, I've seen that one before as well and planned to report it at some
point. The reason is the MAXALIGN()s in ACCEPT_RDATA_DATA(). That rounds
up to 8-byte boundaries, while we've e.g. only added 2 bytes of slop to
toDelete.


Greetings,

Andres Freund

--
Andres Freund                       http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
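The mismatch Andres describes, as an added illustration that is not code from the thread or from PostgreSQL (the TYPEALIGN/MAXALIGN definitions mirror the ones in PostgreSQL's c.h; MAXIMUM_ALIGNOF is assumed to be 8 as on a 64-bit build, and the buffer sizes are constructed): a reader that consumes MAXALIGN(len) bytes from a buffer that only has len + 2 bytes will run past the end whenever the rounding adds more than 2 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment macros as defined in PostgreSQL's c.h; MAXIMUM_ALIGNOF is
 * assumed to be 8 (64-bit build). */
#define MAXIMUM_ALIGNOF 8
#define TYPEALIGN(ALIGNVAL, LEN) \
    (((uintptr_t) (LEN) + ((ALIGNVAL) - 1)) & ~((uintptr_t) ((ALIGNVAL) - 1)))
#define MAXALIGN(LEN) TYPEALIGN(MAXIMUM_ALIGNOF, (LEN))

/* Bytes read past the end of a buffer holding 'payload' bytes plus
 * 'slop' bytes of padding when the consumer reads MAXALIGN(payload)
 * bytes. Returns 0 when the padding is sufficient. */
size_t align_overrun(size_t payload, size_t slop)
{
    size_t consumed = MAXALIGN(payload);
    size_t available = payload + slop;
    return consumed > available ? consumed - available : 0;
}

/* Smallest slop that covers any payload length: MAXALIGN can add at
 * most MAXIMUM_ALIGNOF - 1 bytes. */
size_t slop_needed(void)
{
    return MAXIMUM_ALIGNOF - 1;
}

int main(void)
{
    /* Constructed: an array of 2-byte entries (like OffsetNumber) with
     * the 2 bytes of slop the thread mentions. */
    for (size_t n = 1; n <= 8; n++) {
        size_t payload = n * sizeof(uint16_t);
        printf("%zu entries (%zu bytes) + 2 slop: MAXALIGN reads %zu, overrun %zu\n",
               n, payload, (size_t) MAXALIGN(payload), align_overrun(payload, 2));
    }
    printf("slop sufficient for any length: %zu bytes\n", slop_needed());
    return 0;
}
```

Only payload lengths that already land on an 8-byte boundary, or 2 bytes short of one, survive with 2 bytes of slop; every other length is over-read.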


