public inbox for [email protected]  
help / color / mirror / Atom feed
From: Nathan Bossart <[email protected]>
To: Thomas Munro <[email protected]>
Cc: pgsql-hackers <[email protected]>
Subject: Re: UBSan pointer overflow in xlogreader.c
Date: Tue, 5 Dec 2023 12:04:02 -0600
Message-ID: <20231205180402.GB2757816@nathanxps13> (raw)
In-Reply-To: <CA+hUKGKH0oRPOX7DhiQ_b51sM8HqcPp2J3WA-Oen=dXog+AGGQ@mail.gmail.com>
References: <CA+hUKGKH0oRPOX7DhiQ_b51sM8HqcPp2J3WA-Oen=dXog+AGGQ@mail.gmail.com>

On Wed, Dec 06, 2023 at 12:03:53AM +1300, Thomas Munro wrote:
> xlogreader.c has a pointer overflow bug, as revealed by the
> combination of -fsanitize=undefined -m32, the new 039_end_of_wal.pl
> test and Robert's incremental backup patch[1].  The bad code tests
> whether an object could fit using something like base + size <= end,
> which can be converted to something like size <= end - base to avoid
> the overflow.  See experimental fix patch, attached.

The patch LGTM.  I wonder if it might be worth creating some special
pointer arithmetic routines (perhaps using the stuff in common/int.h) to
help prevent this sort of thing in the future.  But that'd require you to
realize that your code is at risk of overflow, at which point it's probably
just as easy to restructure the logic like you've done here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com






view thread (2+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: UBSan pointer overflow in xlogreader.c
  In-Reply-To: <20231205180402.GB2757816@nathanxps13>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox