Home > mailing lists

Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c) - Mailing list pgsql-hackers

From	Ranier Vilela
Subject	Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c)
Date	July 11, 2021 22:51:04
Msg-id	CAEudQAoWq+AL3BnELHu7gms2GN07k-np6yLbukGaxJ1vY-zeiQ@mail.gmail.com Whole thread Raw
Responses	Re: Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c) (Heikki Linnakangas <hlinnaka@iki.fi>)
List	pgsql-hackers

Tree view

Hi,

While analyzing a possible use of an uninitialized variable, I checked that *_bt_restore_page* can lead to memory corruption,

by not checking the maximum limit of array items which is MaxIndexTuplesPerPage.

It can also generate a dangling pointer by incrementing it beyond the limits it can point to.

While there, I promoted a reduction of scope and adaptation of the type of the *len* parameter to match XLogRecGetBlockData function.

pass regress check at Windows and check-world at Linux.

regards,

Ranier Vilela

Attachment

0001-_bt_restore_page-have-issues-can-lead-a-memory-corru.patch

pgsql-hackers by date:

From: "Euler Taveira"
Date: 11 July 2021, 22:48:26
Subject: Re: row filtering for logical replication

From: Heikki Linnakangas
Date: 12 July 2021, 01:19:47
Subject: Re: Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c)

Protect against possible memory corruption (src/backend/access/nbtree/nbtxlog.c) - Mailing list pgsql-hackers

Attachment

Previous

Next