From: | Thomas Munro <tmunro(at)postgresql(dot)org> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Fix WaitEventSetWait() buffer overrun. |
Date: | 2023-01-12 22:06:39 |
Message-ID: | E1pG5iY-003M42-W1@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Fix WaitEventSetWait() buffer overrun.
The WAIT_USE_EPOLL and WAIT_USE_KQUEUE implementations of
WaitEventSetWaitBlock() confused the size of their internal buffer with
the size of the caller's output buffer, and could ask the kernel for too
many events. In fact the set of events retrieved from the kernel needs
to be able to fit in both buffers, so take the smaller of the two.
The WAIT_USE_POLL and WAIT_USE WIN32 implementations didn't have this
confusion.
This probably didn't come up before because we always used the same
number in both places, but commit 7389aad6 calculates a dynamic size at
construction time, while using MAXLISTEN for its output event buffer on
the stack. That seems like a reasonable thing to want to do, so
consider this to be a pre-existing bug worth fixing.
As discovered by valgrind on skink.
Back-patch to all supported releases for epoll, and to release 13 for
the kqueue part, which copied the incorrect epoll code.
Reviewed-by: Andres Freund <andres(at)anarazel(dot)de>
Discussion: https://postgr.es/m/901504.1673504836%40sss.pgh.pa.us
Branch
------
REL_11_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/1b40710a8c89a1b12de06e38047185b972bd6351
Modified Files
--------------
src/backend/storage/ipc/latch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2023-01-13 00:30:36 | pgsql: doc: Simplify description of functions for pg_walinspect |
Previous Message | Thomas Munro | 2023-01-12 22:06:17 | pgsql: Fix WaitEventSetWait() buffer overrun. |