> On 15 Jan 2021, at 10:24, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:
>
> I noticed this patch while working on another patch for pageinspect [0], and this one appears to introduce a problem
> similar to the one the other patch attempts to fix: The "itemlen" output parameters are declared to be of type smallint,
> but the underlying C data is of type uint16 (OffsetNumber). I don't know the details of gist enough to determine
> whether overflow is possible here. If not, perhaps a check or at least a comment would be useful. Otherwise, these
> parameters should be of type int in SQL.

Item offsets cannot exceed the maximum block size of 32768. And even 32768/sizeof(ItemId). Thus overflow is impossible.
An interesting question is whether pageinspect should protect itself from corrupted input?
Generating a description from a bogus tuple can probably go wrong.
Best regards, Andrey Borodin.