Home > mailing lists

Re: invalid alloc size error possible in shm_mq - Mailing list pgsql-bugs

From	Markus Wanner
Subject	Re: invalid alloc size error possible in shm_mq
Date	September 9, 2020 15:37:17
Msg-id	d0761291-3ac5-3b3c-c6cd-0f89be3de2b9@2ndquadrant.com Whole thread Raw
In response to	Re: invalid alloc size error possible in shm_mq (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses	Re: invalid alloc size error possible in shm_mq (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-bugs

Tree view

On 8/25/20 12:00 PM, Peter Eisentraut wrote:
> I wonder if the assertion is appropriate or whether it should be a full 
> error check.

Good point.  Originally, it used to be an error.  With the patch (but 
w/o assertions enabled) it could result in a buffer overrun.  Not good.

I changed the patch to add an error (instead of just an assert) when 
asked to read a message larger than MaxAllocSize.  So this patch 
essentially corrects handling of messages in size between MaxAllocSize/2 
and MaxAllocSize.

> Is anything on the sending side ensuring that the maximum 
> size is kept?  All the size variables are Size/size_t so could be much 
> larger than MaxAllocSize.

In this v2 of the patch, I added a check that errors out on the sender 
side as well (for trying to send a message larger than MaxAllocSize).

I'd still recommend to back-patch this.

-- 
Markus Wanner
Senior PostgreSQL Developer
2ndQuadrant - PostgreSQL Solutions for the Enterprise
https://www.2ndQuadrant.com/

Attachment

shm_mq_inv_allocation_fix_v2.diff

pgsql-bugs by date:

From: Jehan-Guillaume de Rorthais
Date: 09 September 2020, 13:58:40
Subject: Re: [BUG v13] Crash with event trigger in extension

From: Michael Paquier
Date: 09 September 2020, 15:46:34
Subject: Re: BUG #16577: Segfault on altering a table located in a dropped tablespace

Re: invalid alloc size error possible in shm_mq - Mailing list pgsql-bugs

Attachment

Previous

Next