Out-of-bounds access (ARRAY_VS_SINGLETON) (src/backend/access/nbtree/nbtdedup.c)

From Ranier Vilela
Subject Out-of-bounds access (ARRAY_VS_SINGLETON) (src/backend/access/nbtree/nbtdedup.c)
Date
Msg-id CAEudQApgDeBDdA0BOtU89KMTZ+eDCqVTuPB=ohG0yMLE6NniAw@mail.gmail.com
Replies Re: Out-of-bounds access (ARRAY_VS_SINGLETON) (src/backend/access/nbtree/nbtdedup.c)  (Peter Geoghegan <pg@bowt.ie>)
List pgsql-hackers

Hi,

Per Coverity.

ARRAY vs SINGLETON

If the variable htids is accessed like an array, but is a simple pointer, the result can be:
"This might corrupt or misinterpret adjacent memory locations."

at line 723:
/* Form standard non-pivot tuple */
itup->t_info &= ~INDEX_ALT_TID_MASK;
htids = &itup->t_tid;

1. Here htids is a SINGLETON?

So:

At line 723:
htids[ui++] = *BTreeTupleGetPostingN(origtuple, i);

2. htids is accessed as an ARRAY?

And it is accessed at positions 0 and 1, according to (nhtids == 1):
Assert(ui == nhtids);

The htids[1] is destroying something at this memory position.

regards,
Ranier Vilela
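
An added example (not PostgreSQL code and not part of this message) of the pattern an ARRAY_VS_SINGLETON report is about: a pointer that may aim at a single embedded field is indexed in a loop, so the number of real slots is carried with the pointer and checked before each write. The `Tid`, `Tuple` and `TidDest` types and all function names are hypothetical simplifications.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for illustration, not PostgreSQL's definitions. */
typedef struct { uint32_t block; uint16_t offset; } Tid;
typedef struct { Tid t_tid; uint16_t t_info; } Tuple;   /* one embedded TID */
/* Write target plus the number of Tid slots that really exist behind it. */
typedef struct { Tid *slots; size_t cap; } TidDest;

/* One survivor goes into the tuple's own field (a singleton);
 * several go into a caller-supplied array of nkeep elements. */
static TidDest dest_for(Tuple *tup, Tid *array, size_t nkeep)
{
    TidDest d = { nkeep == 1 ? &tup->t_tid : array, nkeep };
    return d;
}

/* Copy every src[i] whose dead[i] is 0. Returns the number written,
 * or -1 if the next write would land past the last real slot. */
static int copy_live(TidDest d, const Tid *src, const unsigned char *dead, size_t nsrc)
{
    size_t ui = 0;
    for (size_t i = 0; i < nsrc; i++) {
        if (dead[i])
            continue;
        if (ui >= d.cap)
            return -1;      /* refuse instead of clobbering a neighbour */
        d.slots[ui++] = src[i];
    }
    return (int) ui;
}

/* Constructed input: three TIDs and a declared survivor count nkeep.
 * Returns copy_live's result; *out receives the tuple afterwards. */
static int run_case(size_t nkeep, const unsigned char *dead, Tuple *out)
{
    const Tid src[3] = { {10, 1}, {10, 2}, {10, 3} };
    Tid array[3] = { {0, 0} };
    Tuple tup = { {0, 0}, 0xBEEF };     /* t_info doubles as a canary */
    int n = copy_live(dest_for(&tup, array, nkeep), src, dead, 3);
    *out = tup;
    return n;
}

int main(void)
{
    const unsigned char dead[3] = { 1, 0, 0 };  /* two survivors, one slot */
    Tuple t;
    return run_case(1, dead, &t) == -1 ? 0 : 1;
}
```

Indexing the singleton is in bounds only while the number of writes matches the declared count; the example checks that before each write, where the quoted code checks `ui == nhtids` with an `Assert` after the loop.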
