Thread: BUG #17935: Incorrect memory access in fuzzystrmatch/difference()
The following bug has been logged on the website:

Bug reference:      17935
Logged by:          Alexander Lakhin
Email address:      exclusion@gmail.com
PostgreSQL version: 15.3
Operating system:   Ubuntu 22.04
Description:

When the following query is executed:

CREATE EXTENSION fuzzystrmatch;
SELECT difference('', '');

Valgrind detects the following issue:

==00:00:00:04.351 1561837== Conditional jump or move depends on uninitialised value(s)
==00:00:00:04.351 1561837==    at 0x4867265: difference (fuzzystrmatch.c:787)
==00:00:00:04.351 1561837==    by 0x3FFC24: ExecInterpExpr (execExprInterp.c:751)
==00:00:00:04.351 1561837==    by 0x3FC3D8: ExecInterpExprStillValid (execExprInterp.c:1826)
==00:00:00:04.351 1561837==    by 0x4EDE9C: ExecEvalExprSwitchContext (executor.h:341)
==00:00:00:04.351 1561837==    by 0x4EDE9C: evaluate_expr (clauses.c:4823)
==00:00:00:04.351 1561837==    by 0x4EE078: evaluate_function (clauses.c:4325)
==00:00:00:04.351 1561837==    by 0x4F0530: simplify_function (clauses.c:3908)
==00:00:00:04.351 1561837==    by 0x4EE33C: eval_const_expressions_mutator (clauses.c:2427)
==00:00:00:04.351 1561837==    by 0x47F0B5: expression_tree_mutator (nodeFuncs.c:3080)
==00:00:00:04.351 1561837==    by 0x4EF776: eval_const_expressions_mutator (clauses.c:3527)
==00:00:00:04.351 1561837==    by 0x47F2FF: expression_tree_mutator (nodeFuncs.c:3166)
==00:00:00:04.351 1561837==    by 0x4EF776: eval_const_expressions_mutator (clauses.c:3527)
==00:00:00:04.351 1561837==    by 0x4EF8F1: eval_const_expressions (clauses.c:2107)
==00:00:00:04.351 1561837==

In this case, _soundex() exits prematurely and sets only the first and last char of its parameter outstr, but difference() loops through SOUNDEX_LEN chars, and thus uses initialized data.
PG Bug reporting form <noreply@postgresql.org> writes:
> In this case, _soundex() exits prematurely and sets only the first and last
> char of its parameter outstr, but difference() loops through SOUNDEX_LEN
> chars, and thus uses initialized data.

Yup, that's pretty sloppy, will fix.

regards, tom lane
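The defect the report describes, as an added example that is not PostgreSQL's fuzzystrmatch code: a simplified soundex encoder with the early-return path modelled two ways. `soundex_buggy` writes only the first and last byte of the output buffer when the input has no letters, so the positions `difference()` compares in between are whatever the caller's stack held; `soundex_fixed` defines the whole buffer on every path. The `difference_*` harness pre-fills both buffers with caller-chosen bytes, which turns the nondeterministic read into a deterministic, observable one (under valgrind or `-fsanitize=memory` the buggy variant is flagged instead). All function names, the sentinel fills and the inputs are constructed here.

```c
/*
 * Added example (not PostgreSQL's code): a simplified soundex() in the
 * style of fuzzystrmatch, with the early-return defect from the bug
 * report beside a fully initializing fix.  Function names, the
 * sentinel-fill harness and the inputs are constructed for this demo.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SOUNDEX_LEN 4

/* Soundex digit for a letter A..Z; '0' marks letters that are not encoded. */
static char soundex_code(char c)
{
    static const char table[] = "01230120022455012623010202";
    return table[toupper((unsigned char) c) - 'A'];
}

/* Encoding body shared by both variants once the first letter is found.
 * Simplified: every letter updates the "previous code" state. */
static void soundex_encode(const char *instr, char *outstr)
{
    int  count = 0;
    char prev;

    outstr[count++] = (char) toupper((unsigned char) *instr);
    prev = soundex_code(*instr);
    instr++;

    while (*instr && count < SOUNDEX_LEN) {
        if (isalpha((unsigned char) *instr)) {
            char code = soundex_code(*instr);
            if (code != '0' && code != prev)
                outstr[count++] = code;
            prev = code;
        }
        instr++;
    }
    while (count < SOUNDEX_LEN)        /* pad short codes with zeros */
        outstr[count++] = '0';
    outstr[SOUNDEX_LEN] = '\0';
}

/* Models the reported behaviour: with no letters in the input only
 * outstr[0] and outstr[SOUNDEX_LEN] are written; bytes 1..SOUNDEX_LEN-1
 * keep whatever the caller's buffer already held. */
static void soundex_buggy(const char *instr, char *outstr)
{
    while (*instr && !isalpha((unsigned char) *instr))
        instr++;
    if (!*instr) {
        outstr[0] = '\0';
        outstr[SOUNDEX_LEN] = '\0';
        return;
    }
    soundex_encode(instr, outstr);
}

/* Fixed variant: the whole output buffer is defined on every path. */
static void soundex_fixed(const char *instr, char *outstr)
{
    while (*instr && !isalpha((unsigned char) *instr))
        instr++;
    if (!*instr) {
        memset(outstr, '\0', SOUNDEX_LEN + 1);
        return;
    }
    soundex_encode(instr, outstr);
}

typedef void (*soundex_fn)(const char *, char *);

/* Counts matching positions of two codes, like difference() in the report.
 * fill1/fill2 stand in for the garbage a real stack buffer would contain. */
static int difference_with(soundex_fn sx, const char *a, const char *b,
                           char fill1, char fill2)
{
    char sndx1[SOUNDEX_LEN + 1], sndx2[SOUNDEX_LEN + 1];
    int  i, result = 0;

    memset(sndx1, fill1, sizeof sndx1);
    memset(sndx2, fill2, sizeof sndx2);
    sx(a, sndx1);
    sx(b, sndx2);
    for (i = 0; i < SOUNDEX_LEN; i++)
        if (sndx1[i] == sndx2[i])
            result++;
    return result;
}

static int difference_buggy(const char *a, const char *b, char f1, char f2)
{ return difference_with(soundex_buggy, a, b, f1, f2); }

static int difference_fixed(const char *a, const char *b, char f1, char f2)
{ return difference_with(soundex_fixed, a, b, f1, f2); }

int main(void)
{
    /* The fixed result is independent of the stale buffer contents; the
     * buggy result changes with them, which is what valgrind reported. */
    printf("fixed difference('', '')          = %d\n", difference_fixed("", "", 'A', 'B'));
    printf("buggy difference('', ''), A vs B   = %d\n", difference_buggy("", "", 'A', 'B'));
    printf("buggy difference('', ''), A vs A   = %d\n", difference_buggy("", "", 'A', 'A'));
    printf("fixed difference('Robert','Rupert') = %d\n", difference_fixed("Robert", "Rupert", 0, 0));
    return 0;
}
```

Compile with `cc -g -fsanitize=memory` (clang) or run the binary under `valgrind` to see the buggy variant reported at the comparison loop, exactly as in the trace above; the fixed variant is silent because every byte `difference()` reads has been written.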