public inbox for [email protected]
help / color / mirror / Atom feedFrom: Michael Paquier <[email protected]>
To: [email protected]
Subject: pgsql: pg_surgery: Fix off-by-one bug with heap offset
Date: Fri, 05 Jun 2026 23:17:27 +0000
Message-ID: <[email protected]> (raw)
pg_surgery: Fix off-by-one bug with heap offset
heap_force_common() declared a boolean array indexed with an
OffsetNumber for a size of MaxHeapTuplesPerPage. OffsetNumbers are
1-based, so an input TID whose offset number equals MaxHeapTuplesPerPage
wrote one byte past the end of the stack array, crashing the server.
Like heapam_handler.c, this commit changes the array so as it uses a
0-based index, substracting one from the OffsetNumbers.
Reported-by: Wang Yuelin <[email protected]>
Reviewed-by: Ashutosh Sharma <[email protected]>
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 14
Branch
------
REL_14_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/1eda3eb0753ac6c788c11830e9abc0821f7afd48
Modified Files
--------------
contrib/pg_surgery/heap_surgery.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
view thread (6+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: pgsql: pg_surgery: Fix off-by-one bug with heap offset
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox