author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-03-03 18:13:24 -0500 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-03-03 18:13:24 -0500 |
commit | 1a027e6b7bdf06dc3bfe1e63a2493f13629cf44a (patch) | |
tree | a930f1dd82cab9edee068a3079691eb158d6cff6 /src | |
parent | 6599d8f1264299ee595f2eaf4dc6a9aa2d7940d2 (diff) | |
Clean up assorted failures under clang's -fsanitize=undefined checks.
Most of these are cases where we could call memcpy() or other libc
functions with a NULL pointer and a zero count, which is forbidden
by POSIX even though every production version of libc allows it.
We've fixed such things before in a piecemeal way, but apparently
never made an effort to try to get them all. I don't claim that
this patch does so either, but it gets every failure I observe in
check-world, using clang 12.0.1 on current RHEL8.
numeric.c has a different issue that the sanitizer doesn't like:
"ln(-1.0)" will compute log10(0) and then try to assign the
resulting -Inf to an integer variable. We don't actually use the
result in such a case, so there's no live bug.
Back-patch to all supported branches, with the idea that we might
start running a buildfarm member that tests this case. This includes
back-patching c1132aae3 (Check the size in COPY_POINTER_FIELD),
which previously silenced some of these issues in copyfuncs.c.
Discussion: https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com
Diffstat (limited to 'src')
-rw-r--r-- | src/backend/access/heap/heapam.c | 2 | ||||
-rw-r--r-- | src/backend/access/heap/heapam_visibility.c | 4 | ||||
-rw-r--r-- | src/backend/access/transam/clog.c | 5 | ||||
-rw-r--r-- | src/backend/access/transam/xact.c | 5 | ||||
-rw-r--r-- | src/backend/nodes/copyfuncs.c | 54 | ||||
-rw-r--r-- | src/backend/storage/ipc/shm_mq.c | 7 | ||||
-rw-r--r-- | src/backend/utils/adt/numeric.c | 8 | ||||
-rw-r--r-- | src/backend/utils/time/snapmgr.c | 10 | ||||
-rw-r--r-- | src/fe_utils/print.c | 3 |
9 files changed, 51 insertions, 47 deletions
diff --git a/src/backend/access/heap/heapam.c b/src/backend/access/heap/heapam.c index d37acdecae6..e4bd090669c 100644 --- a/src/backend/access/heap/heapam.c +++ b/src/backend/access/heap/heapam.c @@ -309,7 +309,7 @@ initscan(HeapScanDesc scan, ScanKey key, bool keep_startblock) /* * copy the scan key, if appropriate */ - if (key != NULL) + if (key != NULL && scan->rs_base.rs_nkeys > 0) memcpy(scan->rs_base.rs_key, key, scan->rs_base.rs_nkeys * sizeof(ScanKeyData)); /* diff --git a/src/backend/access/heap/heapam_visibility.c b/src/backend/access/heap/heapam_visibility.c index dba10890aab..cde04fc3385 100644 --- a/src/backend/access/heap/heapam_visibility.c +++ b/src/backend/access/heap/heapam_visibility.c @@ -1520,8 +1520,8 @@ HeapTupleHeaderIsOnlyLocked(HeapTupleHeader tuple) static bool TransactionIdInArray(TransactionId xid, TransactionId *xip, Size num) { - return bsearch(&xid, xip, num, - sizeof(TransactionId), xidComparator) != NULL; + return num > 0 && + bsearch(&xid, xip, num, sizeof(TransactionId), xidComparator) != NULL; } /* diff --git a/src/backend/access/transam/clog.c b/src/backend/access/transam/clog.c index 40170b868ba..976aa02acaa 100644 --- a/src/backend/access/transam/clog.c +++ b/src/backend/access/transam/clog.c @@ -296,8 +296,9 @@ TransactionIdSetPageStatus(TransactionId xid, int nsubxids, if (all_xact_same_page && xid == MyPgXact->xid && nsubxids <= THRESHOLD_SUBTRANS_CLOG_OPT && nsubxids == MyPgXact->nxids && - memcmp(subxids, MyProc->subxids.xids, - nsubxids * sizeof(TransactionId)) == 0) + (nsubxids == 0 || + memcmp(subxids, MyProc->subxids.xids, + nsubxids * sizeof(TransactionId)) == 0)) { /* * If we can immediately acquire XactSLRULock, we update the status of diff --git a/src/backend/access/transam/xact.c b/src/backend/access/transam/xact.c index 8f198c2538d..fb6220e4911 100644 --- a/src/backend/access/transam/xact.c +++ b/src/backend/access/transam/xact.c 
@@ -5282,8 +5282,9 @@ SerializeTransactionState(Size maxsize, char *start_address) { if (FullTransactionIdIsValid(s->fullTransactionId)) workspace[i++] = XidFromFullTransactionId(s->fullTransactionId); - memcpy(&workspace[i], s->childXids, - s->nChildXids * sizeof(TransactionId)); + if (s->nChildXids > 0) + memcpy(&workspace[i], s->childXids, + s->nChildXids * sizeof(TransactionId)); i += s->nChildXids; } Assert(i == nxids); diff --git a/src/backend/nodes/copyfuncs.c b/src/backend/nodes/copyfuncs.c index a669af7fd70..682b28ed729 100644 --- a/src/backend/nodes/copyfuncs.c +++ b/src/backend/nodes/copyfuncs.c @@ -57,8 +57,11 @@ #define COPY_POINTER_FIELD(fldname, sz) \ do { \ Size _size = (sz); \ - newnode->fldname = palloc(_size); \ - memcpy(newnode->fldname, from->fldname, _size); \ + if (_size > 0) \ + { \ + newnode->fldname = palloc(_size); \ + memcpy(newnode->fldname, from->fldname, _size); \ + } \ } while (0) /* Copy a parse location field (for Copy, this is same as scalar case) */ @@ -296,12 +299,9 @@ _copyRecursiveUnion(const RecursiveUnion *from) */ COPY_SCALAR_FIELD(wtParam); COPY_SCALAR_FIELD(numCols); - if (from->numCols > 0) - { - COPY_POINTER_FIELD(dupColIdx, from->numCols * sizeof(AttrNumber)); - COPY_POINTER_FIELD(dupOperators, from->numCols * sizeof(Oid)); - COPY_POINTER_FIELD(dupCollations, from->numCols * sizeof(Oid)); - } + COPY_POINTER_FIELD(dupColIdx, from->numCols * sizeof(AttrNumber)); + COPY_POINTER_FIELD(dupOperators, from->numCols * sizeof(Oid)); + COPY_POINTER_FIELD(dupCollations, from->numCols * sizeof(Oid)); COPY_SCALAR_FIELD(numGroups); return newnode; 
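Review bot: When `_size` is zero, the reworked COPY_POINTER_FIELD no longer assigns `newnode->fldname` at all, so the field is NULL only if newnode was zero-filled when it was allocated, which this hunk does not show. Either make that explicit with an `else newnode->fldname = NULL;` arm, or state the dependency in the comment above the macro, for example `/* A zero size copies nothing and leaves the target field as allocated (expected to be NULL) */`. Without one of these, a later use of the macro on a node that was not zeroed would leave an indeterminate pointer in the copy.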
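Review bot: Dropping the `if (from->numCols > 0)` wrapper in _copyRecursiveUnion also drops the only rejection of a negative count, because the macro's replacement test `_size > 0` is applied after the count has been multiplied into a Size. If numCols is a signed int (its declaration is not in the hunk), a negative value would become a very large request handed to palloc instead of being skipped as before. An `Assert(from->numCols >= 0);` ahead of the three copies would document the expectation. The same applies to the `numCols`, `partNumCols` and `ordNumCols` copies in the _copyMergeJoin, _copyAgg and _copyWindowAgg hunks. The function bodies continue outside these hunks.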
@@ -875,13 +875,10 @@ _copyMergeJoin(const MergeJoin *from) COPY_SCALAR_FIELD(skip_mark_restore); COPY_NODE_FIELD(mergeclauses); numCols = list_length(from->mergeclauses); - if (numCols > 0) - { - COPY_POINTER_FIELD(mergeFamilies, numCols * sizeof(Oid)); - COPY_POINTER_FIELD(mergeCollations, numCols * sizeof(Oid)); - COPY_POINTER_FIELD(mergeStrategies, numCols * sizeof(int)); - COPY_POINTER_FIELD(mergeNullsFirst, numCols * sizeof(bool)); - } + COPY_POINTER_FIELD(mergeFamilies, numCols * sizeof(Oid)); + COPY_POINTER_FIELD(mergeCollations, numCols * sizeof(Oid)); + COPY_POINTER_FIELD(mergeStrategies, numCols * sizeof(int)); + COPY_POINTER_FIELD(mergeNullsFirst, numCols * sizeof(bool)); return newnode; } @@ -1016,12 +1013,9 @@ _copyAgg(const Agg *from) COPY_SCALAR_FIELD(aggstrategy); COPY_SCALAR_FIELD(aggsplit); COPY_SCALAR_FIELD(numCols); - if (from->numCols > 0) - { - COPY_POINTER_FIELD(grpColIdx, from->numCols * sizeof(AttrNumber)); - COPY_POINTER_FIELD(grpOperators, from->numCols * sizeof(Oid)); - COPY_POINTER_FIELD(grpCollations, from->numCols * sizeof(Oid)); - } + COPY_POINTER_FIELD(grpColIdx, from->numCols * sizeof(AttrNumber)); + COPY_POINTER_FIELD(grpOperators, from->numCols * sizeof(Oid)); + COPY_POINTER_FIELD(grpCollations, from->numCols * sizeof(Oid)); COPY_SCALAR_FIELD(numGroups); COPY_SCALAR_FIELD(transitionSpace); COPY_BITMAPSET_FIELD(aggParams); 
@@ -1043,19 +1037,13 @@ _copyWindowAgg(const WindowAgg *from) COPY_SCALAR_FIELD(winref); COPY_SCALAR_FIELD(partNumCols); - if (from->partNumCols > 0) - { - COPY_POINTER_FIELD(partColIdx, from->partNumCols * sizeof(AttrNumber)); - COPY_POINTER_FIELD(partOperators, from->partNumCols * sizeof(Oid)); - COPY_POINTER_FIELD(partCollations, from->partNumCols * sizeof(Oid)); - } + COPY_POINTER_FIELD(partColIdx, from->partNumCols * sizeof(AttrNumber)); + COPY_POINTER_FIELD(partOperators, from->partNumCols * sizeof(Oid)); + COPY_POINTER_FIELD(partCollations, from->partNumCols * sizeof(Oid)); COPY_SCALAR_FIELD(ordNumCols); - if (from->ordNumCols > 0) - { - COPY_POINTER_FIELD(ordColIdx, from->ordNumCols * sizeof(AttrNumber)); - COPY_POINTER_FIELD(ordOperators, from->ordNumCols * sizeof(Oid)); - COPY_POINTER_FIELD(ordCollations, from->ordNumCols * sizeof(Oid)); - } + COPY_POINTER_FIELD(ordColIdx, from->ordNumCols * sizeof(AttrNumber)); + COPY_POINTER_FIELD(ordOperators, from->ordNumCols * sizeof(Oid)); + COPY_POINTER_FIELD(ordCollations, from->ordNumCols * sizeof(Oid)); COPY_SCALAR_FIELD(frameOptions); COPY_NODE_FIELD(startOffset); COPY_NODE_FIELD(endOffset); diff --git a/src/backend/storage/ipc/shm_mq.c b/src/backend/storage/ipc/shm_mq.c index ac9d23a3403..bc75038d3ca 100644 --- a/src/backend/storage/ipc/shm_mq.c +++ b/src/backend/storage/ipc/shm_mq.c @@ -748,8 +748,11 @@ shm_mq_receive(shm_mq_handle *mqh, Size *nbytesp, void **datap, bool nowait) /* Copy as much as we can. */ Assert(mqh->mqh_partial_bytes + rb <= nbytes); - memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata, rb); - mqh->mqh_partial_bytes += rb; + if (rb > 0) + { + memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata, rb); + mqh->mqh_partial_bytes += rb; + } /* * Update count of bytes that can be consumed, accounting for diff --git a/src/backend/utils/adt/numeric.c b/src/backend/utils/adt/numeric.c index 885d50f5fc3..041d0dbc1d6 100644 --- a/src/backend/utils/adt/numeric.c 
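Review bot: In shm_mq_receive the length of the memcpy into `mqh->mqh_buffer` is still bounded only by `Assert(mqh->mqh_partial_bytes + rb <= nbytes)`, which is not evaluated in builds without assertions and compares against `nbytes` rather than the buffer's allocated length. The new `rb > 0` guard removes the zero-length call but does not change that. The buffer sizing is presumably done earlier in the function, outside this hunk, so a short comment at the copy naming where the buffer was sized for `nbytes` would make the invariant checkable by a reader. The snapmgr.c hunk has the same shape: the `xcnt` and `subxcnt` copies in SetTransactionSnapshot rely on the two `Assert(... <= GetMaxSnapshot...Count())` lines, so it is worth confirming that callers validate those counts at run time before `sourcesnap` reaches this function.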
+++ b/src/backend/utils/adt/numeric.c @@ -8886,12 +8886,20 @@ exp_var(const NumericVar *arg, NumericVar *result, int rscale) * * Essentially, we're approximating log10(abs(ln(var))). This is used to * determine the appropriate rscale when computing natural logarithms. + * + * Note: many callers call this before range-checking the input. Therefore, + * we must be robust against values that are invalid to apply ln() to. + * We don't wish to throw an error here, so just return zero in such cases. */ static int estimate_ln_dweight(const NumericVar *var) { int ln_dweight; + /* Caller should fail on ln(negative), but for the moment return zero */ + if (var->sign != NUMERIC_POS) + return 0; + if (cmp_var(var, &const_zero_point_nine) >= 0 && cmp_var(var, &const_one_point_one) <= 0) { diff --git a/src/backend/utils/time/snapmgr.c b/src/backend/utils/time/snapmgr.c index 1c960300fd2..9d02f7638b8 100644 --- a/src/backend/utils/time/snapmgr.c +++ b/src/backend/utils/time/snapmgr.c @@ -594,12 +594,14 @@ SetTransactionSnapshot(Snapshot sourcesnap, VirtualTransactionId *sourcevxid, CurrentSnapshot->xmax = sourcesnap->xmax; CurrentSnapshot->xcnt = sourcesnap->xcnt; Assert(sourcesnap->xcnt <= GetMaxSnapshotXidCount()); - memcpy(CurrentSnapshot->xip, sourcesnap->xip, - sourcesnap->xcnt * sizeof(TransactionId)); + if (sourcesnap->xcnt > 0) + memcpy(CurrentSnapshot->xip, sourcesnap->xip, + sourcesnap->xcnt * sizeof(TransactionId)); CurrentSnapshot->subxcnt = sourcesnap->subxcnt; Assert(sourcesnap->subxcnt <= GetMaxSnapshotSubxidCount()); - memcpy(CurrentSnapshot->subxip, sourcesnap->subxip, - sourcesnap->subxcnt * sizeof(TransactionId)); + if (sourcesnap->subxcnt > 0) + memcpy(CurrentSnapshot->subxip, sourcesnap->subxip, + sourcesnap->subxcnt * sizeof(TransactionId)); CurrentSnapshot->suboverflowed = sourcesnap->suboverflowed; CurrentSnapshot->takenDuringRecovery = sourcesnap->takenDuringRecovery; /* NB: curcid should NOT be copied, it's a local matter */ 
diff --git a/src/fe_utils/print.c b/src/fe_utils/print.c index 966a7721801..692868f3d0e 100644 --- a/src/fe_utils/print.c +++ b/src/fe_utils/print.c @@ -910,7 +910,8 @@ print_aligned_text(const printTableContent *cont, FILE *fout, bool is_pager) more_col_wrapping = col_count; curr_nl_line = 0; - memset(header_done, false, col_count * sizeof(bool)); + if (col_count > 0) + memset(header_done, false, col_count * sizeof(bool)); while (more_col_wrapping) { if (opt_border == 2) |