Hi hackers,
"InitBufTable" is the function used to initialize the buffer lookup
table for buffer manager. With the memory size increasing nowadays,
there is a potential overflow issue for the parameter "int size" used by
"InitBufTable". This function is invoked in freelist.c as below:
InitBufTable(NBuffers + NUM_BUFFER_PARTITIONS);
The number of buffer block “NBuffers” is also defined as "int", and
"NUM_BUFFER_PARTITIONS" has a default value 128. In theory, it may get
the chance to overflow the "size" parameter in "InitBufTable". The
"size" parameter is later used by "ShmemInitHash" as "init_size" and
"max_size", which are all defined as "long".
SharedBufHash = ShmemInitHash("Shared Buffer Lookup Table",
size, size,
&info,
HASH_ELEM | HASH_BLOBS | HASH_PARTITION);
Therefore, it would be better to change "InitBufTable(int size)" to
"InitBufTable(long size)".
A simple patch is attached and it passed the “make installcheck-world” test.
--
David
Software Engineer
Highgo Software Inc. (Canada)
www.highgo.ca