Thread: potential integer overflow in md.c

potential integer overflow in md.c

From
Zdenek Kotala
Date:
I found the following expression in md.c:

  seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));

All variables and constants are int (32-bit) and long (also very often
32-bit). If somebody wants to change RELSEG_SIZE to a value
corresponding to a 4GB or bigger chunk, he can expect data overwriting.

This seek problem is in more places; however, in the standard compilation
the chunk size is 1GB and this problem does not appear.

I'm going to fix it.


        Zdenek

Re: potential integer overflow in md.c

From
Tom Lane
Date:
Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
> I found the following expression in md.c:
>   seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));

There's no percentage in touching that code unless you intend to enable
the non-segmented behavior; which will probably need more fixes than
just this.

            regards, tom lane

Re: potential integer overflow in md.c

From
Zdenek Kotala
Date:
Tom Lane wrote:
> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>> I found the following expression in md.c:
>>   seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));
>
> There's no percentage in touching that code unless you intend to enable
> the non-segmented behavior; which will probably need more fixes than
> just this.

For the non-segmented code there is the following section:

  seekpos = (long) (BLCKSZ * (blocknum));

and the FileSeek function also accepts only a 32-bit offset.

        Zdenek
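
The wrap discussed in this thread, as an added example that is not code from the thread or from PostgreSQL: the multiply is carried out in 32 bits, so the cast widens a product that has already wrapped. The function names, the 8192-byte BLCKSZ, the 32-bit unsigned BlockNumber and the segment sizes are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BLCKSZ 8192u               /* assumed block size in bytes */
typedef uint32_t BlockNumber;      /* assumed 32-bit unsigned block number */

/* Same shape as the expression quoted from md.c: the product is computed
 * in 32-bit arithmetic and only the wrapped result is widened afterwards. */
static int64_t seekpos_32(BlockNumber blocknum, BlockNumber relseg_size)
{
    uint32_t off = BLCKSZ * (blocknum % relseg_size);
    return (int64_t) off;
}

/* Widen one operand first so the product itself is computed in 64 bits. */
static int64_t seekpos_64(BlockNumber blocknum, BlockNumber relseg_size)
{
    return (int64_t) BLCKSZ * (int64_t) (blocknum % relseg_size);
}

/* Returns 1 when the 32-bit form gives a different offset for this block,
 * meaning the block would land on top of an earlier one in the file. */
static int seekpos_wraps(BlockNumber blocknum, BlockNumber relseg_size)
{
    return seekpos_32(blocknum, relseg_size) != seekpos_64(blocknum, relseg_size);
}

int main(void)
{
    /* Constructed segment sizes, in blocks: 1GB and 8GB at 8192-byte blocks. */
    const BlockNumber seg_1gb = 131072, seg_8gb = 1048576;
    /* Constructed block numbers: last block of a 1GB segment, first block
     * past the 4GB byte offset. */
    const BlockNumber blocks[] = { 131071, 524289 };

    for (size_t i = 0; i < sizeof blocks / sizeof blocks[0]; i++) {
        BlockNumber b = blocks[i];
        printf("block %lu: 1GB seg 32-bit=%lld 64-bit=%lld | "
               "8GB seg 32-bit=%lld 64-bit=%lld wraps=%d\n",
               (unsigned long) b,
               (long long) seekpos_32(b, seg_1gb), (long long) seekpos_64(b, seg_1gb),
               (long long) seekpos_32(b, seg_8gb), (long long) seekpos_64(b, seg_8gb),
               seekpos_wraps(b, seg_8gb));
    }
    return 0;
}
```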