hash_create(nelem = 0) does invalid memory accesses

From: Andres Freund <andres(at)anarazel(dot)de>
To: pgsql-hackers(at)postgresql(dot)org
Subject: hash_create(nelem = 0) does invalid memory accesses
Date: 2016-09-27 23:24:49
Message-ID: 20160927232449.m4xm4kvkgyiqmx53@alap3.anarazel.de
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi,

debugging a citus valgrind bleat I noticed that hash_create() accesses
the result of palloc(0) as an hash element:
HTAB *
hash_create(const char *tabname, long nelem, HASHCTL *info, int flags)
{
...
if ((flags & HASH_SHARED_MEM) ||
nelem < hctl->nelem_alloc)
{
if (!element_alloc(hashp, (int) nelem))
ereport(ERROR,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("out of memory")));
}
...}

I.e. e call element_alloc with nelem = 0. There we then do:
static bool
element_alloc(HTAB *hashp, int nelem)
{
...
firstElement = (HASHELEMENT *) hashp->alloc(nelem * elementSize);
...
firstElement->link = hctlv->freeList;
}

which means we'll write to the result of palloc(0).

Do we consider this an API usage error that we want to fix?

Greetings,

Andres Freund

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2016-09-27 23:27:59 Re: LLVM Address Sanitizer (ASAN) and valgrind support
Previous Message Greg Stark 2016-09-27 23:23:11 Re: LLVM Address Sanitizer (ASAN) and valgrind support