diff options
| author | Thomas Munro <tmunro@postgresql.org> | 2023-12-08 15:10:48 +1300 |
|---|---|---|
| committer | Thomas Munro <tmunro@postgresql.org> | 2023-12-08 16:11:12 +1300 |
| commit | b9f687f5abaf40c13fed59fe08014116a8344102 (patch) | |
| tree | fbf54126e69c401a2dd819c419b630b02bae15c0 /src | |
| parent | 24482838c2c4bf251896e7ace837d48ba1fdc036 (diff) | |
| download | postgresql-b9f687f5abaf40c13fed59fe08014116a8344102.tar.gz postgresql-b9f687f5abaf40c13fed59fe08014116a8344102.zip | |
Fix potential pointer overflow in xlogreader.c.
While checking if a record could fit in the circular WAL decoding
buffer, the coding from commit 3f1ce973 used arithmetic that could
overflow. 64 bit systems were unaffected for various technical reasons,
which probably explains the lack of problem reports. Likewise for 32
bit systems running known 32 bit kernels. The systems at risk of
problems appear to be 32 bit processes running on 64 bit kernels, with
unlucky placement in memory.
Per complaint from GCC -fsanitize=undefined -m32, while testing
variations of 039_end_of_wal.pl.
Back-patch to 15.
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Reviewed-by: Robert Haas <robertmhaas@gmail.com>
Discussion: https://postgr.es/m/CA%2BhUKGKH0oRPOX7DhiQ_b51sM8HqcPp2J3WA-Oen%3DdXog%2BAGGQ%40mail.gmail.com
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/access/transam/xlogreader.c | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/src/backend/access/transam/xlogreader.c b/src/backend/access/transam/xlogreader.c index c15da9dd45c..e7ad3317e47 100644 --- a/src/backend/access/transam/xlogreader.c +++ b/src/backend/access/transam/xlogreader.c @@ -457,18 +457,37 @@ XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversi if (state->decode_buffer_tail >= state->decode_buffer_head) { /* Empty, or tail is to the right of head. */ - if (state->decode_buffer_tail + required_space <= - state->decode_buffer + state->decode_buffer_size) + if (required_space <= + state->decode_buffer_size - + (state->decode_buffer_tail - state->decode_buffer)) { - /* There is space between tail and end. */ + /*- + * There is space between tail and end. + * + * +-----+--------------------+-----+ + * | |////////////////////|here!| + * +-----+--------------------+-----+ + * ^ ^ + * | | + * h t + */ decoded = (DecodedXLogRecord *) state->decode_buffer_tail; decoded->oversized = false; return decoded; } - else if (state->decode_buffer + required_space < - state->decode_buffer_head) + else if (required_space < + state->decode_buffer_head - state->decode_buffer) { - /* There is space between start and head. */ + /*- + * There is space between start and head. + * + * +-----+--------------------+-----+ + * |here!|////////////////////| | + * +-----+--------------------+-----+ + * ^ ^ + * | | + * h t + */ decoded = (DecodedXLogRecord *) state->decode_buffer; decoded->oversized = false; return decoded; @@ -477,10 +496,19 @@ XLogReadRecordAlloc(XLogReaderState *state, size_t xl_tot_len, bool allow_oversi else { /* Tail is to the left of head. */ - if (state->decode_buffer_tail + required_space < - state->decode_buffer_head) + if (required_space < + state->decode_buffer_head - state->decode_buffer_tail) { - /* There is space between tail and head. */ + /*- + * There is space between tail and head. + * + * +-----+--------------------+-----+ + * |/////|here! |/////| + * +-----+--------------------+-----+ + * ^ ^ + * | | + * t h + */ decoded = (DecodedXLogRecord *) state->decode_buffer_tail; decoded->oversized = false; return decoded; |