Re: doPickSplit stack buffer overflow in XLogInsert?

From: Kevin Grittner <kgrittn(at)ymail(dot)com>
To: Andres Freund <andres(at)2ndquadrant(dot)com>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: doPickSplit stack buffer overflow in XLogInsert?
Date: 2013-11-27 14:23:38
Message-ID: 1385562218.37343.YahooMailNeo@web162901.mail.bf1.yahoo.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
> On 2013-11-26 14:14:38 -0800, Kevin Grittner wrote:
>
>> I happened to build in a shell that was still set up for the clang
>> address sanitizer, and got the attached report.  On a rerun it was
>> repeatable.  XLogInsert() seems to read past the end of a variable
>> allocated on the stack in doPickSplit(). I haven't tried to analyze
>> it past that, since this part of the code is unfamiliar to me.
>
> Yea, I've seen that one before as well and planned to report it at some
> point. The reason is the MAXALIGN()s in ACCEPT_RDATA_DATA(). That rounds
> up to 8byte boundaries, while we've e.g. only added 2bytes of slop to
> toDelete.

Have you established whether having the CRC calculation read past
the end of the buffer can cause problems on recovery or standby
systems?  Should we try to get this fixed by Monday?

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Vik Fearing 2013-11-27 14:26:11 Re: Extension Templates S03E11
Previous Message Pavel Stehule 2013-11-27 14:14:35 Re: new unicode table border styles for psql