From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
---|---|
To: | Ett Martin <ettl(dot)martin(at)gmx(dot)de> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4724: Array index out of bounds |
Date: | 2009-03-23 01:20:49 |
Message-ID: | 49C6E3F1.6090703@postnewspapers.com.au |
Lists: | pgsql-bugs |
Ett Martin wrote:
> I have checked the sources with a static code analysis tool cppcheck:
>
> cppcheck -q -a -j2 postgresql-8.3.7
> [postgresql-8.3.7/contrib/cube/cube.c:1418]: (all) Array index out of
> bounds
> [postgresql-8.3.7/contrib/cube/cube.c:1437]: (all) Array index out of
> bounds
Have you then verified that the complaint is actually valid? Static
analysis tools only point out places where you might want to look.
It's common in C to do things like:
typedef struct block {
    struct block *next;          /* self-referential pointer needs the struct tag in C */
    size_t blockdata_size;       /* bytes allocated after the header */
    uint8_t blockdata[0];        /* zero-length trailing array (pre-C99/GNU idiom; C99 spells it []) */
} block;
where you allocate a `block' structure using something like:
block *alloc_block(size_t numbytes)
{
    /* one allocation holds the header and numbytes of trailing data */
    return (block *) malloc(sizeof(block) + numbytes);
}
Because C permits indexing past the end of an array, you can then safely
and legally access your allocated memory past the block header with
things like:
someblock->blockdata[11];
Static analysis tools won't realise what's going on, and will complain.
I'd say after a quick glance that that's what's happening here, though
I'm far from certain.
--
Craig Ringer
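The idiom Craig describes, written out as an added example that is not part of his message or of contrib/cube: a header with a trailing array, allocated in one malloc() call, plus the size check that makes indexing beyond the declared array legitimate. `block` and `alloc_block` follow the names in the e-mail; `block_set`, `block_get` and `demo` are assumed helpers added here, and the trailing array uses the C99 flexible-array spelling `[]` rather than `[0]`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Header followed by a C99 flexible array member. The e-mail writes this as
 * blockdata[0], the pre-C99 / GNU spelling of the same idiom. */
typedef struct block {
    struct block *next;
    size_t blockdata_size;   /* number of bytes actually reserved after the header */
    uint8_t blockdata[];     /* storage lives in the same malloc()ed region */
} block;

/* Allocate a header plus numbytes of trailing storage in one call.
 * offsetof() is used instead of sizeof() so padding after the last named
 * field is not counted twice; the size field records what was reserved. */
block *alloc_block(size_t numbytes)
{
    block *b = malloc(offsetof(block, blockdata) + numbytes);
    if (b == NULL)
        return NULL;
    b->next = NULL;
    b->blockdata_size = numbytes;
    memset(b->blockdata, 0, numbytes);
    return b;
}

/* Bounds-checked accessors (assumed helpers, not from the e-mail). The
 * comparison against blockdata_size is what keeps an index that lies
 * "past the end" of the declared array inside the bytes alloc_block()
 * actually reserved. */
bool block_set(block *b, size_t idx, uint8_t value)
{
    if (b == NULL || idx >= b->blockdata_size)
        return false;           /* would run off the allocation */
    b->blockdata[idx] = value;
    return true;
}

int block_get(const block *b, size_t idx)
{
    if (b == NULL || idx >= b->blockdata_size)
        return -1;              /* out of range: caller must check */
    return b->blockdata[idx];
}

/* Constructed scenario: a 16-byte block, one in-range write at index 11
 * (the e-mail's blockdata[11]) and one write at index 16 that the size
 * check rejects. Returns 0 when both behave as expected. */
int demo(void)
{
    block *b = alloc_block(16);
    if (b == NULL)
        return -1;
    bool ok_in  = block_set(b, 11, 0xAB);   /* inside the reserved bytes */
    bool ok_out = block_set(b, 16, 0xCD);   /* one past the end: rejected */
    int v = block_get(b, 11);
    free(b);
    return (ok_in && !ok_out && v == 0xAB) ? 0 : 1;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc;
}
```

A static analyser that only sees the struct declaration will still flag `blockdata[11]` here; the check against `blockdata_size` is the evidence a reviewer needs to close the finding as a false positive, and its absence is what would turn the same pattern into a real heap overrun.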