Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5RhU-0068fM-VT for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Oct 2024 15:30:37 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t5RhS-007g1C-TK for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Oct 2024 15:30:35 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5RhS-007g0z-8t for pgsql-hackers@lists.postgresql.org; Mon, 28 Oct 2024 15:30:34 +0000 Received: from relay3-d.mail.gandi.net ([2001:4b98:dc4:8::223]) by makus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5RhP-003I8k-KH for pgsql-hackers@postgresql.org; Mon, 28 Oct 2024 15:30:33 +0000 Received: by mail.gandi.net (Postfix) with ESMTPSA id 060D860003; Mon, 28 Oct 2024 15:30:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vondra.me; s=gm1; t=1730129429; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=m/atmjVebRxpJMA+evm7Gmo3XyNWevHLEcSyhavxzZ0=; b=VRKQMt9duNQat6A+zlLREBDleqr6o4vdwzJQt+sgAAjz1O8s5WowiuB2XPUmeUe6EdYTAf 9++rJ1kz4wR0fDg6a6MbBiTE0AC7TfbfUtXdz+HmUpdnokd04i9FOd0FHJhslW2zSXugyM WuDCT6TWFXc5yIPfAGMunCd6FaHWf0rL3lv6H4KrsScE7/tsKExWS6AU2P2cEBinLuR28q CNIvDBMV5vvH2TBe1XRAg+R8J07VqNYjesb4w4ipfZZFeqFKh48ZuSpr5haWMoLVTTFLUN 9nW5qmn6KAGedrzM9Nu4h3wlQCocqUGEJjwSYEI8wx1vVboCVJqEn9XVK60xPA== Message-ID: <54ee5b1f-bf75-48ea-b642-1ef275c1a093@vondra.me> Date: Mon, 28 Oct 2024 16:30:26 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c) To: Heikki Linnakangas , Ranier Vilela , Nathan Bossart , Tomas Vondra Cc: Pg Hackers References: Content-Language: en-US From: Tomas Vondra In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-GND-Sasl: tomas@vondra.me List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 10/28/24 13:13, Heikki Linnakangas wrote: > On 09/10/2024 19:16, Ranier Vilela wrote: >> Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart >> > escreveu: >> >>     On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote: >>      > The port function *bsearch_arg* mimics the C function >>      > *bsearch*. >>      > >>      > The API signature is: >>      > void * >>      > bsearch_arg(const void *key, const void *base0, >>      > size_t nmemb, size_t size, >>      > int (*compar) (const void *, const void *, void *), >>      > void *arg) >>      > >>      > So, the parameter *nmemb* is size_t. >>      > Therefore, a call with nmemb greater than INT_MAX is possible. >>      > >>      > Internally the code uses the *int* type to iterate through the >>     number of >>      > members, which makes overflow possible. >> >>     I traced this back to commit bfa2cee (v14), which both moved >>     bsearch_arg() >>     to its current location and adjusted the style a bit.  Your patch >> looks >>     reasonable to me. >> >> Thanks for looking. > > Committed, thanks. > > Based on the original discussion on bfa2cee, I couldn't figure out where > exactly this new bsearch implementation originated from, but googling > around, probably *BSD or libiberty. Tomas, do you remember? Not that it > matters, but I'm curious. > I don't remember, unfortunately :-( I think it was one of the *BSDs, because of license, but I'm not quite sure why I changed the code at all during the move. > Some of those other implementations have fixed this, others have not. > And they all seem to also have the "involes" typo in the comment that we > fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this > fix to those other projects too. > Thanks for fixing this, although I wonder if we can actually hit this, as we don't really allocate more than 1GB in most places. But it's possible, and the pre-bfa2cee code handled it fine. regards -- Tomas Vondra