From: | Kevin Grittner <kgrittn(at)ymail(dot)com> |
---|---|
To: | Andres Freund <andres(at)2ndquadrant(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: doPickSplit stack buffer overflow in XLogInsert? |
Date: | 2013-11-27 14:23:38 |
Message-ID: | 1385562218.37343.YahooMailNeo@web162901.mail.bf1.yahoo.com |
Lists: | pgsql-hackers |
Andres Freund <andres(at)2ndquadrant(dot)com> wrote:
> On 2013-11-26 14:14:38 -0800, Kevin Grittner wrote:
>
>> I happened to build in a shell that was still set up for the clang
>> address sanitizer, and got the attached report. On a rerun it was
>> repeatable. XLogInsert() seems to read past the end of a variable
>> allocated on the stack in doPickSplit(). I haven't tried to analyze
>> it past that, since this part of the code is unfamiliar to me.
>
> Yea, I've seen that one before as well and planned to report it at some
> point. The reason is the MAXALIGN()s in ACCEPT_RDATA_DATA(). That rounds
> up to 8-byte boundaries, while we've e.g. only added 2 bytes of slop to
> toDelete.
Have you established whether having the CRC calculation read past
the end of the buffer can cause problems on recovery or standby
systems? Should we try to get this fixed by Monday?
--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
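The mismatch Andres describes is a sizing rule that can be checked independently of the SP-GiST code: a producer reserves payload + slop bytes, while the consumer rounds the payload length up with MAXALIGN() before reading, so any slop smaller than MAXIMUM_ALIGNOF - 1 leaves some lengths short. The following C program is an added illustration, not code from this thread or from PostgreSQL; it reproduces PostgreSQL's TYPEALIGN/MAXALIGN arithmetic with MAXIMUM_ALIGNOF assumed to be 8 (the "8-byte boundaries" in the message), and the helper names aligned_overread, safe_buffer_size and slop_is_sufficient are made up for the example. It computes how many bytes past the reserved buffer an aligned reader would touch, which is the kind of check a sanitizer build catches at runtime and a reviewer can do by hand.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same shape as PostgreSQL's alignment macros (c.h). MAXIMUM_ALIGNOF is
 * assumed to be 8 here, as on common 64-bit builds. */
#define MAXIMUM_ALIGNOF 8
#define TYPEALIGN(ALIGNVAL, LEN) \
    (((uintptr_t) (LEN) + ((ALIGNVAL) - 1)) & ~((uintptr_t) ((ALIGNVAL) - 1)))
#define MAXALIGN(LEN) TYPEALIGN(MAXIMUM_ALIGNOF, (LEN))

/* Bytes an aligned consumer reads beyond what the producer reserved.
 * The producer reserved payload_len + slop; the consumer reads
 * MAXALIGN(payload_len). A positive result is an over-read of that
 * many bytes past the end of the buffer; zero or negative is safe. */
ptrdiff_t aligned_overread(size_t payload_len, size_t slop)
{
    size_t reserved = payload_len + slop;
    size_t consumed = MAXALIGN(payload_len);
    return (ptrdiff_t) consumed - (ptrdiff_t) reserved;
}

/* Smallest buffer that any MAXALIGN-rounding consumer can read safely. */
size_t safe_buffer_size(size_t payload_len)
{
    return MAXALIGN(payload_len);
}

/* A fixed slop is only sufficient if it covers every residue modulo the
 * alignment, i.e. it must be at least MAXIMUM_ALIGNOF - 1. Checking the
 * residues 0..MAXIMUM_ALIGNOF-1 covers all payload lengths. */
int slop_is_sufficient(size_t slop)
{
    for (size_t len = 0; len < MAXIMUM_ALIGNOF; len++)
        if (aligned_overread(len, slop) > 0)
            return 0;
    return 1;
}

int main(void)
{
    const size_t slop = 2;   /* the 2 bytes of slop mentioned in the thread */

    printf("payload  reserved  MAXALIGN  over-read\n");
    for (size_t len = 1; len <= 16; len++) {
        ptrdiff_t over = aligned_overread(len, slop);
        printf("%7zu  %8zu  %8zu  %s%td\n",
               len, len + slop, (size_t) MAXALIGN(len),
               over > 0 ? "+" : "", over);
    }
    printf("slop %zu sufficient for all lengths: %s\n",
           slop, slop_is_sufficient(slop) ? "yes" : "no");
    printf("slop %d sufficient for all lengths: %s\n",
           MAXIMUM_ALIGNOF - 1,
           slop_is_sufficient(MAXIMUM_ALIGNOF - 1) ? "yes" : "no");
    return 0;
}
```

The table makes the failure pattern visible: with 2 bytes of slop, payload lengths whose residue modulo 8 is 1 through 5 over-read by 5 down to 1 bytes, while lengths ending on a boundary or within 2 bytes of one are fine, which is why the bug is reproducible only for particular tuple sizes. Sizing the buffer with MAXALIGN(payload_len), or using slop of at least MAXIMUM_ALIGNOF - 1, removes the over-read for every length.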