Home > mailing lists

Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words - Mailing list pgsql-hackers

From	David Rowley
Subject	Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
Date	August 14 16:46:55
Msg-id	CAApHDvpOwmEa46bJurnCsp-Ug8A8mnmbJt+bn9txBUg3SGbNZg@mail.gmail.com Whole thread Raw
In response to	[PATCH] bms_prev_member() can read beyond the end of the array of allocated words (Greg Burd <greg@burd.me>)
Responses	Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
List	pgsql-hackers

Tree view

On Fri, 15 Aug 2025 at 01:21, Greg Burd <greg@burd.me> wrote:
> I've been working on Bitmapset and while creating a test suite for it I
> found that there is a missing bounds check in bms_prev_member(). The
> function takes the prevbit argument and converts it to an index into the
> words array using WORDNUM() without checking to ensure that prevbit is
> within the bounds of the possible values (e.g. nwords *
> BITS_PER_BITMAPWORD) in the set.  This means that $subject resulting in
> a confusing return value when the expected value should be the highest
> bit set.

There's a comment saying:

 * "prevbit" must NOT be more than one above the highest possible bit that can
 * be set at the Bitmapset at its current size.

So looks like it's the fault of the calling code and not an issue with
bms_prev_member().

David

pgsql-hackers by date:

From: David Rowley
Date: 14 August, 16:40:53
Subject: Re: Compilation issues for HASH_STATISTICS and HASH_DEBUG options

From: Tom Lane
Date: 14 August, 17:00:37
Subject: Re: Compilation issues for HASH_STATISTICS and HASH_DEBUG options

Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words - Mailing list pgsql-hackers

Previous

Next