Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1syZMm-000qre-GZ for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Oct 2024 16:16:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1syZMl-002xm3-L1 for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Oct 2024 16:16:48 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1syZMl-002xlv-BE for pgsql-hackers@lists.postgresql.org; Wed, 09 Oct 2024 16:16:47 +0000 Received: from mail-pf1-x432.google.com ([2607:f8b0:4864:20::432]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1syZMj-0003oG-7O for pgsql-hackers@postgresql.org; Wed, 09 Oct 2024 16:16:46 +0000 Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-71dfc1124cdso906393b3a.1 for ; Wed, 09 Oct 2024 09:16:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728490604; x=1729095404; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=puJeMphFz9bR4UYQjGSAvv97Hs8HeuXw3jqS2Z+bgdQ=; b=EWa4G18rW33brBP/ZBUclEaUaOv36YDnQkfMcK/pKeSCxyeHKJawXZyEct8mikBnVz jS7Or2dENopZrSSYEYOT6oOOrPUfOuD8Z0cDeKgOduOU1WYh8+9IQYMI96y8FcZ5BSsY YqTor4mFL2/ZIiprU8x5+BXOU6alLuRkRX2WVSx5Cn2dj+X5ebf3FGm7FhcQ/QX+qfAr gQE0vYAFBf9DLMKi8JvD6ggIF1gYKict2OE1qdnMB/bRaJGsyNdBPitJ2VqKiszOHrKj /W3oAcepy3Gv/LktTGleU3MPeGyVkkLCdMSqTZ8m2iX4RNBjqf/oTSvvUettLYdQebWn 8Eeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728490604; x=1729095404; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=puJeMphFz9bR4UYQjGSAvv97Hs8HeuXw3jqS2Z+bgdQ=; b=R3NpNXpqGvkS41bCX0EX5iKv/IV3jAVxRe0PFsL/5PFi89rkXl2eRjlirbjBBp+Heh 2bKEmNy84YlBEqF9qKFryWdPLh7oP1ox+GkdCS3fmSwBz7nfpf3eVSaFqln2dmTzbI6t 8XSlkEiFm4Ieqqdf5mGdqBaaDc+EM37w6TU7D/o6CFKlcr3kilIoJxOMiaMZexi2tGd5 Fz4bPHlQmrK+hBM2vfxcvEwpSgtgMYhZn1owyewLXV42th2Q9d+87VX182qT1AUKyHtw wVHZABOlKsvzO4oH+p0qRBieZR4Hd/rQAlo2va3iTuXPkesEOFMap36xxA1PUlxBAaTD dJNg== X-Gm-Message-State: AOJu0Ywi9GQPbjy9OyjCTAYPTfW2+vmkgb1uH2/efY5AUwNHxgLhB5OO R9lwNiSqynSSuzusSfuVYEWNSkoXJLml4TA2+a6eJjQMbO1FEjYcCVr6tmIBDI1O2QKpU+IEo/3 lxb36h/2XUHyyAp4q1mGDsSCaIUk= X-Google-Smtp-Source: AGHT+IEGPi1v5dHRsrmk/jOgFQy90Po2PSc1JKrMPcgjyZ4mlUaa8Qp1x6lm3L8yaCRF1yptkYE8Zh0MHJY1k4KediU= X-Received: by 2002:a05:6a00:9142:b0:71d:ea34:977d with SMTP id d2e1a72fcca58-71e26e8c156mr266094b3a.8.1728490604155; Wed, 09 Oct 2024 09:16:44 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ranier Vilela Date: Wed, 9 Oct 2024 13:16:31 -0300 Message-ID: Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c) To: Nathan Bossart Cc: Pg Hackers Content-Type: multipart/alternative; boundary="000000000000755ab406240d94a2" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000755ab406240d94a2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Em ter., 8 de out. de 2024 =C3=A0s 18:28, Nathan Bossart < nathandbossart@gmail.com> escreveu: > On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote: > > The port function *bsearch_arg* mimics the C function > > *bsearch*. > > > > The API signature is: > > void * > > bsearch_arg(const void *key, const void *base0, > > size_t nmemb, size_t size, > > int (*compar) (const void *, const void *, void *), > > void *arg) > > > > So, the parameter *nmemb* is size_t. > > Therefore, a call with nmemb greater than INT_MAX is possible. > > > > Internally the code uses the *int* type to iterate through the number o= f > > members, which makes overflow possible. > > I traced this back to commit bfa2cee (v14), which both moved bsearch_arg(= ) > to its current location and adjusted the style a bit. Your patch looks > reasonable to me. > Thanks for looking. best regards, Ranier Vilela --000000000000755ab406240d94a2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Em ter., 8 de out. de 2024 =C3=A0s 18:28, Nathan Bossart <nathandbossart@gmail.com> escre= veu:
On Tue, Oct= 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote:
> The port function *bsearch_arg* mimics the C function
> *bsearch*.
>
> The API signature is:
> void *
> bsearch_arg(const void *key, const void *base0,
> size_t nmemb, size_t size,
> int (*compar) (const void *, const void *, void *),
> void *arg)
>
> So, the parameter *nmemb* is size_t.
> Therefore, a call with nmemb greater than INT_MAX is possible.
>
> Internally the code uses the *int* type to iterate through the number = of
> members, which makes overflow possible.

I traced this back to commit bfa2cee (v14), which both moved bsearch_arg()<= br> to its current location and adjusted the style a bit.=C2=A0 Your patch look= s
reasonable to me.
Thanks for looking.

best regards,
Ranier Vilela
--000000000000755ab406240d94a2--