Postgres Pro
Downloads
Home   >   mailing lists

Thread: BUG #15312: Possible access to unintended variable in"postgres/src/backend/postmaster/pgstat.c" line 2698

BUG #15312: Possible access to unintended variable in"postgres/src/backend/postmaster/pgstat.c" line 2698

From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference:      15312
Logged by:          Petru-Florin Mihancea
Email address:      petrum@gmail.com
PostgreSQL version: Unsupported/Unknown
Operating system:   Macosx
Description:

While experimenting with a CodeSonar plugin we develop, we noticed a
potential bug in file "postgres/src/backend/postmaster/pgstat.c" line 2698
function CreateSharedBackendStatus.

/* Create or attach to the shared activity buffer */
BackendActivityBufferSize = mul_size(pgstat_track_activity_query_size,
                                     NumBackendStatSlots);
BackendActivityBuffer = (char *)
    ShmemInitStruct("Backend Activity Buffer",
                    BackendActivityBufferSize,
                    &found);
if (!found)
{
    MemSet(BackendActivityBuffer, 0, size); //HERE

    /* Initialize st_activity pointers. */
    buffer = BackendActivityBuffer;
    for (i = 0; i < NumBackendStatSlots; i++)
    {
        BackendStatusArray[i].st_activity_raw = buffer;
        buffer += pgstat_track_activity_query_size;
    }
}

Shouldn't BackendActivityBufferSize be accessed in the marked line instead
of size? 

Thanks,
Petru Florin Mihancea

Re: BUG #15312: Possible access to unintended variable in"postgres/src/backend/postmaster/pgstat.c" line 2698

From
Alvaro Herrera
Date:
On 2018-Aug-07, PG Bug reporting form wrote:

> While experimenting with a CodeSonar plugin we develop, we noticed a
> potential bug in file "postgres/src/backend/postmaster/pgstat.c" line 2698
> function CreateSharedBackendStatus.

Hmm, yeah this is a bug, introduced by commit c8e8b5a6e20b AFAICS.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Re: BUG #15312: Possible access to unintended variable in "postgres/src/backend/postmaster/pgstat.c" line 2698

From
Tom Lane
Date:
=?utf-8?q?PG_Bug_reporting_form?= <noreply@postgresql.org> writes:
>     MemSet(BackendActivityBuffer, 0, size); //HERE

> Shouldn't BackendActivityBufferSize be accessed in the marked line instead
> of size? 

Yeah, I think you're right --- looks like a pretty obvious copy-and-paste
oversight.  It's probably harmless as long as
pgstat_track_activity_query_size is at least NAMEDATALEN, but it's
not good.

Thanks for reporting that!

            regards, tom lane