From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
---|---|
To: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Fix out-of-bounds in the function GetCommandTagName |
Date: | 2024-04-14 23:17:35 |
Message-ID: | CAEudQAoY0xrKuTAX7W10zsjjUpKBPFRtdCyScb3Z0FB2v6HNmQ@mail.gmail.com |
Lists: | pgsql-hackers |
Hi,
Per Coverity.
Coverity has reported some out-of-bounds bugs
related to the GetCommandTagName function.
CID 1542964: (#1 of 1): Out-of-bounds access (OVERRUN)
7. overrun-call: Overrunning callee's array of size 193 by passing argument
commandtag (which evaluates to 193) in call to GetCommandTagName.
It turns out that the root of the problem is found in the declaration of
the tag_behavior array, which is found in src/backend/tcop/cmdtag.c.
The size of the array is defined by COMMAND_TAG_NEXTTAG enum,
whose value currently corresponds to 193.
Since enum items are evaluated starting at zero by default,
it turns out that the final size of the array, 193, limits the number of
items to 192, which excludes the last TAG
PG_CMDTAG(CMDTAG_VACUUM, "VACUUM", false, false, false)
Fixed by leaving it up to the compiler to determine the final size of the
array.
Patch attached.
best regards,
Ranier Vilela
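The pattern the Coverity report concerns, as an added example that is not part of the original message and is not PostgreSQL's code: a lookup table indexed by an enum with a trailing sentinel, a compile-time check tying the table length to that sentinel, and a lookup that rejects an index equal to the array size. The tag list and all `demo_`/`DEMO_` names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed tag list for illustration; not PostgreSQL's cmdtaglist.h. */
#define DEMO_TAGS(X) \
    X(DEMO_TAG_UNKNOWN, "???") \
    X(DEMO_TAG_SELECT, "SELECT") \
    X(DEMO_TAG_VACUUM, "VACUUM")

typedef enum DemoTag {
#define X(tag, name) tag,
    DEMO_TAGS(X)
#undef X
    DEMO_TAG_NEXTTAG /* sentinel: its value equals the number of real tags */
} DemoTag;

/* No explicit size: the compiler counts the initializers. */
static const char *const demo_tag_names[] = {
#define X(tag, name) [tag] = name,
    DEMO_TAGS(X)
#undef X
};

#define DEMO_LENGTHOF(a) (sizeof(a) / sizeof((a)[0]))

/* The build fails if the table and the enum ever drift apart. */
_Static_assert(DEMO_LENGTHOF(demo_tag_names) == DEMO_TAG_NEXTTAG,
               "name table out of sync with DemoTag");

/* Valid indexes are 0 .. DEMO_TAG_NEXTTAG - 1. The sentinel is one past
 * the end, so it is rejected instead of being used as an index. */
const char *demo_tag_name(int tag)
{
    if (tag < 0 || (size_t) tag >= DEMO_LENGTHOF(demo_tag_names))
        return NULL;
    return demo_tag_names[tag];
}

size_t demo_tag_count(void) { return DEMO_LENGTHOF(demo_tag_names); }

int main(void)
{
    const char *s = demo_tag_name(DEMO_TAG_NEXTTAG);
    printf("%zu tags; last=%s; sentinel=%s\n", demo_tag_count(),
           demo_tag_name(DEMO_TAG_VACUUM), s ? s : "(rejected)");
    return 0;
}
```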