Home > mailing lists

Non-replayable WAL records through overflows and >MaxAllocSize lengths - Mailing list pgsql-hackers

From	Matthias van de Meent
Subject	Non-replayable WAL records through overflows and >MaxAllocSize lengths
Date	March 11, 2022 18:42:23
Msg-id	CAEze2WgGiw+LZt+vHf8tWqB_6VxeLsMeoAuod0N=ij1q17n5pw@mail.gmail.com Whole thread Raw
Responses	Re: Non-replayable WAL records through overflows and >MaxAllocSize lengths
List	pgsql-hackers

Tree view

Hi,

Xlogreader limits the size of what it considers valid xlog records to
MaxAllocSize; but this is not currently enforced in the
XLogRecAssemble API. This means it is possible to assemble a record
that postgresql cannot replay.
Similarly; it is possible to repeatedly call XlogRegisterData() so as
to overflow rec->xl_tot_len; resulting in out-of-bounds reads and
writes while processing record data;

PFA a patch that attempts to fix both of these issues in the insertion
API; by checking against overflows and other incorrectly large values
in the relevant functions in xloginsert.c. In this patch, I've also
added a comment to the XLogRecord spec to document that xl_tot_len
should not be larger than 1GB - 1B; and why that limit exists.

Kind regards,

Matthias van de Meent

Attachment

v1-0001-Add-protections-in-xlog-record-APIs-against-large.patch

pgsql-hackers by date:

From: Robert Haas
Date: 11 March 2022, 18:41:17
Subject: Re: role self-revocation

From: Bharath Rupireddy
Date: 11 March 2022, 18:42:25
Subject: Re: pg_walinspect - a new extension to get raw WAL data and WAL stats

Non-replayable WAL records through overflows and >MaxAllocSize lengths - Mailing list pgsql-hackers

Attachment

Previous

Next