| From: | Alexander Lakhin <exclusion(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Importing pg_bsd_indent into our source tree |
| Date: | 2023-06-07 08:00:00 |
| Message-ID: | 591971ce-25c1-90f3-0526-5f54e3ebb32e@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
I've discovered that the pg_bsd_indent test added here makes an
ASAN-instrumented build fail on:
ASAN_OPTIONS=detect_leaks=0:strict_string_checks=1 make check-world
as follows:
# +++ tap check in src/tools/pg_bsd_indent +++
t/001_pg_bsd_indent.pl .. 1/?
# Failed test 'pg_bsd_indent succeeds on binary'
# at t/001_pg_bsd_indent.pl line 41.
# Failed test 'pg_bsd_indent output matches for binary'
# at t/001_pg_bsd_indent.pl line 50.
# Failed test 'pg_bsd_indent succeeds on comments'
# at t/001_pg_bsd_indent.pl line 41.
# Failed test 'pg_bsd_indent output matches for comments'
# at t/001_pg_bsd_indent.pl line 50.
t/001_pg_bsd_indent.pl .. 10/?
...
regress_log_001_pg_bsd_indent contains:
# Running: pg_bsd_indent .../src/tools/pg_bsd_indent/tests/binary.0 binary.out
-P.../src/tools/pg_bsd_indent/tests/binary.pro
=================================================================
==2124067==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600000005a at pc 0x560aa8972dae bp
0x7ffebd080460 sp 0x7ffebd07fc08
READ of size 40 at 0x60600000005a thread T0
#0 0x560aa8972dad in __interceptor_strspn.part.0 (.../src/tools/pg_bsd_indent/pg_bsd_indent+0x5edad)
#1 0x560aa8a3f495 in lexi .../src/tools/pg_bsd_indent/lexi.c:258
#2 0x560aa8a3451d in main .../src/tools/pg_bsd_indent/indent.c:269
#3 0x7f6ffab1ad8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#4 0x7f6ffab1ae3f in __libc_start_main_impl ../csu/libc-start.c:392
#5 0x560aa894b7d4 in _start (.../src/tools/pg_bsd_indent/pg_bsd_indent+0x377d4)
0x60600000005a is located 0 bytes to the right of 58-byte region [0x606000000020,0x60600000005a)
allocated by thread T0 here:
#0 0x560aa89e4980 in __interceptor_realloc.part.0 (.../src/tools/pg_bsd_indent/pg_bsd_indent+0xd0980)
#1 0x560aa8a3d24e in fill_buffer .../src/tools/pg_bsd_indent/io.c:365
SUMMARY: AddressSanitizer: heap-buffer-overflow (.../src/tools/pg_bsd_indent/pg_bsd_indent+0x5edad) in
__interceptor_strspn.part.0
...
I understand that that code is almost as ancient as me and it works as
intended (fill_buffer() doesn't null-terminate a buffer), but may be this is
worth fixing in the Postgres source tree to keep the whole testing baseline
high (if someone finds strict_string_checks useful). If so, perhaps
something like the attached will do.
Best regards,
Alexander
| Attachment | Content-Type | Size |
|---|---|---|
| improve-strspn-for-bsd_indent.patch | text/x-patch | 685 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2023-06-07 08:19:30 | Re: Remove incidental md5() function uses from several tests |
| Previous Message | Julien Rouhaud | 2023-06-07 07:48:52 | Re: confusion about this commit "Revert "Skip redundant anti-wraparound vacuums"" |