Re: UBSan pointer overflow in xlogreader.c - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: UBSan pointer overflow in xlogreader.c
Date
Msg-id 20231205180402.GB2757816@nathanxps13
Whole thread Raw
In response to UBSan pointer overflow in xlogreader.c  (Thomas Munro <thomas.munro@gmail.com>)
Responses Re: UBSan pointer overflow in xlogreader.c
List pgsql-hackers
On Wed, Dec 06, 2023 at 12:03:53AM +1300, Thomas Munro wrote:
> xlogreader.c has a pointer overflow bug, as revealed by the
> combination of -fsanitize=undefined -m32, the new 039_end_of_wal.pl
> test and Robert's incremental backup patch[1].  The bad code tests
> whether an object could fit using something like base + size <= end,
> which can be converted to something like size <= end - base to avoid
> the overflow.  See experimental fix patch, attached.

The patch LGTM.  I wonder if it might be worth creating some special
pointer arithmetic routines (perhaps using the stuff in common/int.h) to
help prevent this sort of thing in the future.  But that'd require you to
realize that your code is at risk of overflow, at which point it's probably
just as easy to restructure the logic like you've done here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



pgsql-hackers by date:

Previous
From: Davin Shearer
Date:
Subject: Re: Emitting JSON to file using COPY TO
Next
From: Robert Haas
Date:
Subject: Re: trying again to get incremental backup