Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
From | Tom Lane |
---|---|
Subject | Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words |
Date | |
Msg-id | 138396.1755184489@sss.pgh.pa.us |
In reply to | Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words (David Rowley <dgrowleyml@gmail.com>) |
Responses |
Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words
Re: [PATCH] bms_prev_member() can read beyond the end of the array of allocated words |
List | pgsql-hackers |
David Rowley <dgrowleyml@gmail.com> writes:
> It is valid to pass prevbit as a->nwords * BITS_PER_BITMAPWORD as the
> code does "prevbit--;". Maybe it would be less confusing if it were
> written as:

> * "prevbit" must be less than or equal to "a->nwords * BITS_PER_BITMAPWORD".

> The Assert should be using <= rather than <.

Actually, I don't agree with that. It's true that it wouldn't fail,
but a caller doing that is exhibiting undue intimacy with the innards
of Bitmapsets. The expected usage is that the argument is initially -1
and after that the result of the previous call (which'll necessarily be
less than a->nwords * BITS_PER_BITMAPWORD). We don't have any state with
which we can verify the chain of calls, but it seems totally reasonable
to me to disallow an outside caller providing an argument
>= a->nwords * BITS_PER_BITMAPWORD.

regards, tom lane
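
The calling convention described in the message above, as an added example that is not part of the original e-mail and is not PostgreSQL's source: a simplified C model of a backward bitmap scan that applies the strict bound and returns a hypothetical `PREV_BAD_ARG` code where the discussed function would Assert. `ModelSet`, `model_prev_member`, `WORD_BITS` and the sample set are names and data constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS 64        /* stands in for BITS_PER_BITMAPWORD */
#define PREV_DONE (-2)      /* no more members */
#define PREV_BAD_ARG (-3)   /* hypothetical; the thread's code uses an Assert */

typedef struct { int nwords; const uint64_t *words; } ModelSet;

/* Constructed sample set with members 0, 2, 64 and 127. */
static const uint64_t sample_words[2] = { 0x5, 0x8000000000000001ULL };
static const ModelSet sample = { 2, sample_words };

static int leftmost_one(uint64_t w)     /* position of highest set bit, w != 0 */
{
    int pos = 0;
    while (w >>= 1)
        pos++;
    return pos;
}

/* Largest member below prevbit; prevbit == -1 starts from the top. */
int model_prev_member(const ModelSet *a, int prevbit)
{
    if (a == NULL || prevbit == 0)
        return PREV_DONE;
    /* Strict bound: only -1 or a value an earlier call could have returned. */
    if (prevbit < -1 || prevbit >= a->nwords * WORD_BITS)
        return PREV_BAD_ARG;
    prevbit = (prevbit == -1) ? a->nwords * WORD_BITS - 1 : prevbit - 1;

    uint64_t mask = ~(uint64_t) 0 >> (WORD_BITS - (prevbit % WORD_BITS + 1));
    for (int wordnum = prevbit / WORD_BITS; wordnum >= 0; wordnum--)
    {
        uint64_t w = a->words[wordnum] & mask;  /* ignore bits above prevbit */
        if (w != 0)
            return wordnum * WORD_BITS + leftmost_one(w);
        mask = ~(uint64_t) 0;                   /* lower words: all bits count */
    }
    return PREV_DONE;
}

int main(void)
{
    /* Expected chain of calls: start at -1, feed each result back in. */
    for (int x = -1; (x = model_prev_member(&sample, x)) >= 0;)
        printf("%d\n", x);
    return 0;
}
```

Because every value the scan returns is below `nwords * WORD_BITS`, a caller that follows the chain never trips the strict check; only an argument made up outside the chain does.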