Home > mailing lists

pgsql: Improve pglz_decompress's defenses against corrupt compressed da - Mailing list pgsql-committers

From	Tom Lane
Subject	pgsql: Improve pglz_decompress's defenses against corrupt compressed da
Date	October 19, 2023 03:43:43
Msg-id	E1qtH8Y-001FTQ-NI@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Improve pglz_decompress's defenses against corrupt compressed data.

When processing a match tag, check to see if the claimed "off"
is more than the distance back to the output buffer start.
If it is, then the data is corrupt, and what's more we would
fetch from outside the buffer boundaries and potentially incur
a SIGSEGV.  (Although the odds of that seem relatively low, given
that "off" can't be more than 4K.)

Back-patch to v13; before that, this function wasn't really
trying to protect against bad data.

Report and fix by Flavien Guedez.

Discussion: https://postgr.es/m/01fc0593-e31e-463d-902c-dd43174acee2@oopacity.net

Branch
------
REL_13_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/817669ea27c4ecc4240adc88a12ddaed51997b00

Modified Files
--------------
src/common/pg_lzcompress.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)

pgsql-committers by date:

From: Michael Paquier
Date: 19 October 2023, 03:43:09
Subject: pgsql: Install wait_event_types.h in VPATH builds

From: Michael Paquier
Date: 19 October 2023, 05:30:42
Subject: pgsql: Rename I/O timing statistics columns to shared_blk_{read|write}_

pgsql: Improve pglz_decompress's defenses against corrupt compressed da - Mailing list pgsql-committers

Previous

Next