Hi,
On 2023-01-12 20:35:43 +1300, Thomas Munro wrote:
> Subject: [PATCH] Fix WaitEventSetWait() buffer overrun.
>
> The WAIT_USE_EPOLL and WAIT_USE_KQUEUE implementations of
> WaitEventSetWaitBlock() confused the size of their internal buffer with
> the size of the caller's output buffer, and could ask the kernel for too
> many events. In fact the set of events retrieved from the kernel needs
> to be able to fit in both buffers, so take the minimum of the two.
>
> The WAIT_USE_POLL and WAIT_USE WIN32 implementations didn't have this
> confusion.
> This probably didn't come up before because we always used the same
> number in both places, but commit 7389aad6 calculates a dynamic size at
> construction time, while using MAXLISTEN for its output event buffer on
> the stack. That seems like a reasonable thing to want to do, so
> consider this to be a pre-existing bug worth fixing.
> As reported by skink, valgrind and Tom Lane.
>
> Discussion: https://postgr.es/m/901504.1673504836%40sss.pgh.pa.us
Makes sense. We should backpatch this, I think?
Greetings,
Andres Freund