Re: Unsafe access BufferDescriptors array in BufferGetLSNAtomic()

Hi Tender,

I’ve looked through the patch, and I believe there is a potential issue. The default size for BufferDescriptors appears
tobe 16,384. Passing and casting a negative buffer ID to a large unsigned integer in GetBufferDescriptor, and then
usingit as an array subscript, could potentially lead to an overflow.
 

void
BufferManagerShmemInit(void)
{
    bool        foundBufs,
                foundDescs,
                foundIOCV,
                foundBufCkpt;

    /* Align descriptors to a cacheline boundary. */
    BufferDescriptors = (BufferDescPadded *)
        ShmemInitStruct("Buffer Descriptors",
                        NBuffers * sizeof(BufferDescPadded),
                        &foundDescs);

int            NBuffers = 16384;

The changes proposed in the patch seem reasonable to me, but it might be helpful to include an explanation of the error
caseand how it’s handled.
 

Best regards,
[Xuneng]

The new status of this patch is: Waiting on Author