pgsql: Fix WaitEventSetWait() buffer overrun.

From: Thomas Munro <tmunro(at)postgresql(dot)org>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Fix WaitEventSetWait() buffer overrun.
Date: 2023-01-12 22:06:39
Message-ID: E1pG5iY-003M42-W1@gemulon.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Fix WaitEventSetWait() buffer overrun.

The WAIT_USE_EPOLL and WAIT_USE_KQUEUE implementations of
WaitEventSetWaitBlock() confused the size of their internal buffer with
the size of the caller's output buffer, and could ask the kernel for too
many events. In fact the set of events retrieved from the kernel needs
to be able to fit in both buffers, so take the smaller of the two.

The WAIT_USE_POLL and WAIT_USE WIN32 implementations didn't have this
confusion.

This probably didn't come up before because we always used the same
number in both places, but commit 7389aad6 calculates a dynamic size at
construction time, while using MAXLISTEN for its output event buffer on
the stack. That seems like a reasonable thing to want to do, so
consider this to be a pre-existing bug worth fixing.

As discovered by valgrind on skink.

Back-patch to all supported releases for epoll, and to release 13 for
the kqueue part, which copied the incorrect epoll code.

Reviewed-by: Andres Freund <andres(at)anarazel(dot)de>
Discussion: https://postgr.es/m/901504.1673504836%40sss.pgh.pa.us

Branch
------
REL_11_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/1b40710a8c89a1b12de06e38047185b972bd6351

Modified Files
--------------
src/backend/storage/ipc/latch.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Browse pgsql-committers by date

  From Date Subject
Next Message Michael Paquier 2023-01-13 00:30:36 pgsql: doc: Simplify description of functions for pg_walinspect
Previous Message Thomas Munro 2023-01-12 22:06:17 pgsql: Fix WaitEventSetWait() buffer overrun.