diff options
| author | Michael Paquier <michael@paquier.xyz> | 2021-11-12 21:49:21 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2021-11-12 21:49:21 +0900 |
| commit | a45ed975c58fde7303eeae488b313bf0314383f7 (patch) | |
| tree | 7660a2c42c4942a21e542daa17b6de3bf234a75e /src | |
| parent | 335474691054a74d771f0e7c24d25e800e3a37b6 (diff) | |
| download | postgresql-a45ed975c58fde7303eeae488b313bf0314383f7.tar.gz postgresql-a45ed975c58fde7303eeae488b313bf0314383f7.zip | |
Fix memory overrun when querying pg_stat_slru
pg_stat_get_slru() in pgstatfuncs.c would point to one element after the
end of the array PgStat_SLRUStats when finishing to scan its entries.
This had no direct consequences as no data from the extra memory area
was read, but static analyzers would rightfully complain here. So let's
be clean.
While on it, this adds one regression test in the area reserved for
system views.
Reported-by: Alexander Kozhemyakin, via AddressSanitizer
Author: Kyotaro Horiguchi
Discussion: https://postgr.es/m/17280-37da556e86032070@postgresql.org
Backpatch-through: 13
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/utils/adt/pgstatfuncs.c | 3 | ||||
| -rw-r--r-- | src/test/regress/expected/sysviews.out | 7 | ||||
| -rw-r--r-- | src/test/regress/sql/sysviews.sql | 3 |
3 files changed, 12 insertions, 1 deletions
diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index ff5aedc99cb..e64857e5409 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -1911,7 +1911,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) /* for each row */ Datum values[PG_STAT_GET_SLRU_COLS]; bool nulls[PG_STAT_GET_SLRU_COLS]; - PgStat_SLRUStats stat = stats[i]; + PgStat_SLRUStats stat; const char *name; name = pgstat_slru_name(i); @@ -1919,6 +1919,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) if (!name) break; + stat = stats[i]; MemSet(values, 0, sizeof(values)); MemSet(nulls, 0, sizeof(nulls)); diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out index 6e54f3e15e2..2088857615a 100644 --- a/src/test/regress/expected/sysviews.out +++ b/src/test/regress/expected/sysviews.out @@ -76,6 +76,13 @@ select count(*) >= 0 as ok from pg_prepared_xacts; t (1 row) +-- There will surely be at least one SLRU cache +select count(*) > 0 as ok from pg_stat_slru; + ok +---- + t +(1 row) + -- There must be only one record select count(*) = 1 as ok from pg_stat_wal; ok diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql index dc8c9a3ac23..b24816e3d5a 100644 --- a/src/test/regress/sql/sysviews.sql +++ b/src/test/regress/sql/sysviews.sql @@ -37,6 +37,9 @@ select count(*) = 0 as ok from pg_prepared_statements; -- See also prepared_xacts.sql select count(*) >= 0 as ok from pg_prepared_xacts; +-- There will surely be at least one SLRU cache +select count(*) > 0 as ok from pg_stat_slru; + -- There must be only one record select count(*) = 1 as ok from pg_stat_wal; |