[PATCH] Fix possible underflow in expression (maxoff - 1) - Mailing list pgsql-hackers

From Ranier Vilela
Subject [PATCH] Fix possible underflow in expression (maxoff - 1)
Date
Msg-id MN2PR18MB2927406C1B4BF182D12BA648E34B0@MN2PR18MB2927.namprd18.prod.outlook.com
Responses Re: [PATCH] Fix possible underflow in expression (maxoff - 1)
List pgsql-hackers
Hi,
The var OffsetNumber maxoff is a uint16; see include/storage/off.h:
typedef uint16 OffsetNumber;

Within the function _bt_afternewitemoff, at line 641, maxoff is used in a dangerous expression
without protection: (maxoff - 1)

The function PageGetMaxOffsetNumber, which initializes maxoff, can return zero.
See storage/bufpage.h:
 * PageGetMaxOffsetNumber
 *        Returns the maximum offset number used by the given page.
 *        Since offset numbers are 1-based, this is also the number
 *        of items on the page.
 *
 *        NOTE: if the page is not initialized (pd_lower == 0), we must
 *        return zero to ensure sane behavior.  Accept double evaluation
 *        of the argument so that we can ensure this.

Surely not the best solution, but it was the best I could think of.

Best regards,
Ranier Vilela
Attachment
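An added example, not code from the post or from PostgreSQL, showing what (maxoff - 1) evaluates to when PageGetMaxOffsetNumber returns zero, both as the C expression is evaluated (the uint16 operand is promoted to int, so the result is -1) and once the value is narrowed back into an OffsetNumber (where it wraps to 65535). The OffsetNumber typedef mirrors the one quoted from off.h; the two comparison functions are hypothetical stand-ins for an "is newitemoff at maxoff - 1" test and are not the code in _bt_afternewitemoff; the guard is the kind of maxoff == 0 check the post argues for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors "typedef uint16 OffsetNumber;" from include/storage/off.h. */
typedef uint16_t OffsetNumber;

/*
 * (maxoff - 1) as C actually evaluates it: the uint16 operand is promoted
 * to int before the subtraction, so maxoff == 0 gives -1 as an int and no
 * unsigned wrap happens inside the expression itself.
 */
int maxoff_minus_one_promoted(OffsetNumber maxoff)
{
    return maxoff - 1;
}

/*
 * The same value once it is narrowed back into an OffsetNumber, as an
 * assignment or a cast would do: -1 converts to UINT16_MAX (65535).
 * This is where a maxoff of 0 turns into a wrapped offset number.
 */
OffsetNumber maxoff_minus_one_narrowed(OffsetNumber maxoff)
{
    return (OffsetNumber) (maxoff - 1);
}

/*
 * Hypothetical comparison (an assumption, not the code in
 * _bt_afternewitemoff) with no guard: both operands are promoted to int,
 * so with maxoff == 0 newitemoff is compared against -1 and the test is
 * always false.
 */
bool at_maxoff_minus_one_unguarded(OffsetNumber newitemoff, OffsetNumber maxoff)
{
    return newitemoff == (maxoff - 1);
}

/*
 * Same comparison with an explicit guard: handle maxoff == 0 (the
 * "not initialized" page from PageGetMaxOffsetNumber's comment) up front,
 * so maxoff - 1 is only evaluated when it names a real 1-based offset.
 */
bool at_maxoff_minus_one_guarded(OffsetNumber newitemoff, OffsetNumber maxoff)
{
    if (maxoff == 0)
        return false;
    return newitemoff == (maxoff - 1);
}

int main(void)
{
    /* What PageGetMaxOffsetNumber returns for an uninitialized page. */
    OffsetNumber maxoff = 0;

    printf("maxoff - 1 as int:          %d\n", maxoff_minus_one_promoted(maxoff));
    printf("maxoff - 1 as OffsetNumber: %u\n",
           (unsigned) maxoff_minus_one_narrowed(maxoff));
    printf("unguarded compare, newitemoff = 65535: %d\n",
           at_maxoff_minus_one_unguarded(65535, maxoff));
    printf("guarded compare,   newitemoff = 65535: %d\n",
           at_maxoff_minus_one_guarded(65535, maxoff));
    return 0;
}
```

The point the two helpers make is that the wrap does not occur in the subtraction itself but at the moment the int result is stored in a uint16 variable or cast to one; a reviewer of the patch should check which of the two forms the code at line 641 actually uses before deciding whether a maxoff == 0 guard or a change of type is the right fix.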
