Avoid a possible out-of-bounds access (src/backend/optimizer/util/relnode.c)

Поиск
Список
Период
Сортировка
От Ranier Vilela
Тема Avoid a possible out-of-bounds access (src/backend/optimizer/util/relnode.c)
Дата
Msg-id CAEudQArQSghBu2gLojg4o_tnHj_x2HcS=+wewL3NJS8z0VnK+g@mail.gmail.com
обсуждение исходный текст
Ответы Re: Avoid a possible out-of-bounds access (src/backend/optimizer/util/relnode.c)  (Etsuro Fujita <etsuro.fujita@gmail.com>)
Re: Avoid a possible out-of-bounds access (src/backend/optimizer/util/relnode.c)  (Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>)
Список pgsql-hackers
Дерево обсуждения
Hi,

Per Coverity.
CID 1518088 (#2 of 2): Improper use of negative value (NEGATIVE_RETURNS)

The function bms_singleton_member can returns a negative number.

/*
* Get a child rel for rel2 with the relids.  See above comments.
*/
if (rel2_is_simple)
{
int varno = bms_singleton_member(child_relids2);

child_rel2 = find_base_rel(root, varno);
}

It turns out that in the get_matching_part_pairs function (joinrels.c), the return of bms_singleton_member is passed to the find_base_rel function, which cannot receive a negative value.

find_base_rel is protected by an Assertion, which effectively indicates that the error does not occur in tests and in DEBUG mode.

But this does not change the fact that bms_singleton_member can return a negative value, which may occur on some production servers.

Fix by changing the Assertion into a real test, to protect the simple_rel_array array.

best regards,
Ranier Vilela
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Amit Kapila
Дата:
Сообщение: Re: Invalidate the subscription worker in cases where a user loses their superuser status
Следующее
От: Alexander Lakhin
Дата:
Сообщение: Should rolpassword be toastable?