Thread: potential integer overflow in md.c
I found the following expression in md.c:

    seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));

All variables and constants are int (32-bit) and long (also very often 32-bit). In case somebody wants to change RELSEG_SIZE to a value related to a 4GB and bigger chunk, he can expect data overwriting. This seek problem is in more places; however, in standard compilation the chunk size is 1GB and this problem does not appear.

I'm going to fix it.

Zdenek

Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
> I found following expression in md.c:
> seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));

There's no percentage in touching that code unless you intend to enable
the non-segmented behavior; which will probably need more fixes than
just this.

regards, tom lane

Tom Lane wrote:
> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>> I found following expression in md.c:
>> seekpos = (long) (BLCKSZ * (blocknum % ((BlockNumber) RELSEG_SIZE)));
>
> There's no percentage in touching that code unless you intend to enable
> the non-segmented behavior; which will probably need more fixes than
> just this.

For the non-segment code there is the following section:

    seekpos = (long) (BLCKSZ * (blocknum));

and the FileSeek function also accepts only a 32-bit offset.

Zdenek
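
Added illustration, not part of the thread and not PostgreSQL source: a C model of the seek-offset arithmetic discussed above, comparing the 32-bit product with a 64-bit one for a 1GB and an 8GB segment. BLCKSZ = 8192, the 8GB segment size and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define BLCKSZ 8192            /* assumed: 8K block size */
typedef uint32_t BlockNumber;  /* 32-bit block number, as in the thread */

/* Shape of the md.c expression: the product is evaluated in 32 bits, so it
 * wraps modulo 2^32 before a cast to any wider type could help. */
static int64_t seekpos_narrow(BlockNumber blocknum, BlockNumber relseg_size)
{
    uint32_t off = (uint32_t) BLCKSZ * (blocknum % relseg_size);
    return (int64_t) off;
}

/* Widening one operand before multiplying keeps the full byte offset. */
static int64_t seekpos_wide(BlockNumber blocknum, BlockNumber relseg_size)
{
    return (int64_t) BLCKSZ * (int64_t) (blocknum % relseg_size);
}

/* First block in a segment whose narrow offset is wrong, or -1 if none. */
static int64_t first_bad_block(BlockNumber relseg_size)
{
    for (BlockNumber b = 0; b < relseg_size; b++)
        if (seekpos_narrow(b, relseg_size) != seekpos_wide(b, relseg_size))
            return (int64_t) b;
    return -1;
}

int main(void)
{
    BlockNumber one_gb = 131072;     /* 1GB segment expressed in 8K blocks */
    BlockNumber eight_gb = 1048576;  /* constructed: 8GB segment */

    printf("1GB segments: first bad block = %lld\n",
           (long long) first_bad_block(one_gb));
    printf("8GB segments: first bad block = %lld\n",
           (long long) first_bad_block(eight_gb));
    /* The wrapped offset lands on block 0 of the same segment file. */
    printf("block 524288: narrow offset %lld, wide offset %lld\n",
           (long long) seekpos_narrow(524288, eight_gb),
           (long long) seekpos_wide(524288, eight_gb));
    return 0;
}
```

With 1GB segments every in-segment offset fits in 31 bits, which matches the observation that the standard build is unaffected; with the 8GB segment the first wrong offset aliases block 0, which is the overwrite described in the first message.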