From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Fix two issues in TOAST decompression. |
Date: | 2020-11-01 23:38:53 |
Message-ID: | E1kZMw1-0005La-N4@gemulon.postgresql.org |
Lists: | pgsql-committers |
Fix two issues in TOAST decompression.

pglz_maximum_compressed_size() potentially underestimated the amount
of compressed data required to produce N bytes of decompressed data;
this is a fault in commit 11a078cf8.

Separately from that, pglz_decompress() failed to protect itself
against corrupt compressed data, particularly off == 0 in a match
tag. Commit c60e520f6 turned such a situation into an infinite loop,
where before it'd just have resulted in garbage output.

The combination of these two bugs seems like it may explain bug #16694
from Tom Vijlbrief, though it's impossible to be quite sure without
direct inspection of the failing session. (One needs to assume that
the pglz_maximum_compressed_size() bug caused us to fail to fetch the
second byte of a match tag, and what happened to be there instead was
a zero. The reported infinite loop is hard to explain without off == 0,
though.)

Aside from fixing the bugs, rewrite associated comments for more
clarity.

Back-patch to v13 where both these commits landed.

Discussion: https://postgr.es/m/16694-f107871e499ec114@postgresql.org

Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/dfc797730fc7a07c0e6bd636ad1a564aecab3161
Modified Files
--------------
src/common/pg_lzcompress.c | 101 +++++++++++++++++++++++++++++----------------
1 file changed, 66 insertions(+), 35 deletions(-)
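
The kind of check the message describes, as an added example that is not part of the commit or of PostgreSQL's source: a decoder for a simplified LZ tag format that rejects a truncated match tag and off == 0 before a chunked copy loop that would otherwise never make progress. The stream layout, the function name lz_decompress_checked and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified LZ stream (assumed for this example, not pglz's exact layout):
 * a control byte precedes up to 8 items; a clear bit means one literal byte,
 * a set bit means a 2-byte match tag [offset high nibble | len-3][offset low].
 * Returns bytes written, or -1 if the input is corrupt or truncated. */
static int32_t lz_decompress_checked(const uint8_t *src, size_t slen,
                                     uint8_t *dst, size_t dcap)
{
    const uint8_t *sp = src, *send = src + slen;
    uint8_t *dp = dst, *dend = dst + dcap;
    while (sp < send && dp < dend) {
        uint8_t ctrl = *sp++;
        for (int bit = 0; bit < 8 && sp < send && dp < dend; bit++, ctrl >>= 1) {
            if (!(ctrl & 1)) { *dp++ = *sp++; continue; }    /* literal */
            if (send - sp < 2)
                return -1;              /* second byte of the tag is missing */
            size_t len = (size_t)(sp[0] & 0x0f) + 3;
            size_t off = ((size_t)(sp[0] & 0xf0) << 4) | sp[1];
            sp += 2;
            /* off == 0 would stall the doubling loop below forever; an offset
             * larger than the output so far would read before dst. */
            if (off == 0 || off > (size_t)(dp - dst))
                return -1;
            if (len > (size_t)(dend - dp))
                len = (size_t)(dend - dp);      /* clamp to output capacity */
            /* Overlap-safe copy: copy 'off' bytes, then double the distance. */
            while (off < len) {
                memcpy(dp, dp - off, off);
                len -= off; dp += off; off += off;
            }
            memcpy(dp, dp - off, len);
            dp += len;
        }
    }
    return (int32_t)(dp - dst);
}

int main(void)
{
    /* Constructed samples: "ab" + match(off=2,len=5), and a tag with off == 0. */
    const uint8_t good[] = {0x04, 'a', 'b', 0x02, 0x02};
    const uint8_t bad[]  = {0x02, 'a', 0x05, 0x00};
    uint8_t out[32];
    printf("%d %d\n", (int)lz_decompress_checked(good, sizeof good, out, sizeof out),
           (int)lz_decompress_checked(bad, sizeof bad, out, sizeof out));
    return 0;
}
```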