Home > mailing lists

Possible memory corruption (src/timezone/zic.c b/src/timezone/zic.c) - Mailing list pgsql-hackers

From	Ranier Vilela
Subject	Possible memory corruption (src/timezone/zic.c b/src/timezone/zic.c)
Date	May 15, 2021 00:43:24
Msg-id	CAEudQApPZCp12sc6Uu+V6WjNHQD4N3b0w7img99K8Eehoy5OAA@mail.gmail.com Whole thread Raw
Responses	Re: Possible memory corruption (src/timezone/zic.c b/src/timezone/zic.c)
List	pgsql-hackers

Tree view

Hi,

Per Coverity.

CID 1412632 (#1 of 1): Out-of-bounds access (OVERRUN)1.

overrun-buffer-val: Overrunning buffer pointed to by &c of 1 bytes by passing it to a function which accesses it at byte offset 4.

For some people, Coverity opinions count zero.

Who knows for others, it helps.

It doesn't matter if WideCharToMultiByte, it will fail or not, the danger exists.

If WideCharToMultiByte returns 4, memmove will possibly destroy 4 bytes.

The fix, use of the traditional and bogus C style, without tricks.

diff --git a/src/timezone/zic.c b/src/timezone/zic.c
index 0ea6ead2db..a5f7e7f1cd 100644
--- a/src/timezone/zic.c
+++ b/src/timezone/zic.c
@@ -1129,9 +1129,9 @@ static bool
itssymlink(char const *name)
{
#ifdef HAVE_SYMLINK
- char c;
+ char linkpath[MAXPGPATH];

- return 0 <= readlink(name, &c, 1);
+ return 0 <= readlink(name, linkpath, sizeof(linkpath));
#else
return false;
#endif

regards,

Ranier Vilela

Attachment

fix_possible_memory_corruption_zic.patch

pgsql-hackers by date:

From: Tom Lane
Date: 15 May 2021, 00:43:19
Subject: Re: Some other CLOBBER_CACHE_ALWAYS culprits

From: Robert Haas
Date: 15 May 2021, 01:28:12
Subject: Re: Race condition in recovery?

Possible memory corruption (src/timezone/zic.c b/src/timezone/zic.c) - Mailing list pgsql-hackers

Attachment

Previous

Next