Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5Ocs-005ppo-Dp for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Oct 2024 12:13:39 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t5Ocq-006AVG-QC for pgsql-hackers@arkaria.postgresql.org; Mon, 28 Oct 2024 12:13:37 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5Ocq-006ASx-CS for pgsql-hackers@lists.postgresql.org; Mon, 28 Oct 2024 12:13:36 +0000 Received: from lahtoruutu.iki.fi ([2a0b:5c81:1c1::37]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t5Ocm-003Ghp-4w for pgsql-hackers@postgresql.org; Mon, 28 Oct 2024 12:13:35 +0000 Received: from [192.168.1.149] (dsl-hkibng22-50ddb7-241.dhcp.inet.fi [80.221.183.241]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: hlinnaka) by lahtoruutu.iki.fi (Postfix) with ESMTPSA id 4XcXNP3pyPz49Pyt; Mon, 28 Oct 2024 14:13:25 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1730117606; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q02LNc/KJYSuISarIIX2x1GvWxW9DSI+kbTGoNkgfiI=; b=PSlr0eEQdAzjQCEDaiyyb+mje7CegGF1kfYsX2GCA4gBZYVHL35nPmte4j9X3bBHPRGqSG 4XS+M7WCbdwQqHQzPNgAOEUgU0nkgFBhobRJ0jAfbOM1RUVHZ3cOYr0JWZ7WH/pVtCZ1Wf 9PD1sA+C3rYODiDG7zVgox+UXw22xlEASSshqoXxsDkPJXbMJC76qJsk6Lfohiy7Hi6r1R 521ejoM/lGOFDlIKV6BSDKzetCzBTxoUt81+zeBo5nQTkWBogqx1ekhImmxoT4WxxGFWcX UGuyISM6FscoOU0Nzgr5HakdpomhPBB4n/e3oLQQAV/sHcBmJF4IbxHlS8A2Pw== ARC-Seal: i=1; s=lahtoruutu; d=iki.fi; t=1730117606; a=rsa-sha256; cv=none; b=I6DADhn/m01YPX66/YH6qRCaZIUBSupv8+iVL4W1eq7yitCkHevMMHtNGOI99bEOOB/PDb de0R9L1MuggDLahss9ZlugpjyfqE++u9qPKKrddwqB+znQEQ4Cj3qnoVt1VmHoO8DbPkhL t1QSLo0To2+sLvC6HELdgd4Geddz/FdgILaGOCmmP151mgd+vHbMvJQpI0+v025aE+Ivun Lb8TwTMLOc7olgY5T+ttRKelPDdfA+JzBz1+rc/BLy6jqQnpY9Ds5DKMWWHxkDbwZijPVl KoX2PMfTMSZefEpewhk8mH9i7tlwoyL1I3jwKH6V1gn0vI6pzU7ovXzjglrPWA== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=hlinnaka smtp.mailfrom=hlinnaka@iki.fi ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; s=lahtoruutu; t=1730117606; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=q02LNc/KJYSuISarIIX2x1GvWxW9DSI+kbTGoNkgfiI=; b=hNmyscrfIQTi0vWbfqup0b4tkUo+lHr/ZBJxLSvsQAhelxjBkI9VttS6T2lryJCIPm3PfB eFkZS8LEIGq0ZCcSAII0950DmGSB5i2ZlDZ0+VdqHXgN+7AmxR/JwjYumgyFTXeTEtyZy8 AuhZiwV0HDCksrCtJn8xby1gDj//vggsBCFokOsSt2UupDEk3PnH5tm5wJ9KmBLlaCB5kl R30bQNDlc+T2b26JAb/Ju5XUgaqotvp2VXkOiYDrMKEleLfuqE2qoY2ZrkfqosNaTom8dl AcF36JV+YmHmAtaXVwEmezO+1Vy3yBm85zaQ8hgLff8ZSrUhqEWRTOyTfHui1Q== Message-ID: Date: Mon, 28 Oct 2024 14:13:25 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Avoid possible overflow (src/port/bsearch_arg.c) To: Ranier Vilela , Nathan Bossart , Tomas Vondra Cc: Pg Hackers References: Content-Language: en-US From: Heikki Linnakangas In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 09/10/2024 19:16, Ranier Vilela wrote: > Em ter., 8 de out. de 2024 às 18:28, Nathan Bossart > > escreveu: > > On Tue, Oct 08, 2024 at 04:09:00PM -0300, Ranier Vilela wrote: > > The port function *bsearch_arg* mimics the C function > > *bsearch*. > > > > The API signature is: > > void * > > bsearch_arg(const void *key, const void *base0, > > size_t nmemb, size_t size, > > int (*compar) (const void *, const void *, void *), > > void *arg) > > > > So, the parameter *nmemb* is size_t. > > Therefore, a call with nmemb greater than INT_MAX is possible. > > > > Internally the code uses the *int* type to iterate through the > number of > > members, which makes overflow possible. > > I traced this back to commit bfa2cee (v14), which both moved > bsearch_arg() > to its current location and adjusted the style a bit.  Your patch looks > reasonable to me. > > Thanks for looking. Committed, thanks. Based on the original discussion on bfa2cee, I couldn't figure out where exactly this new bsearch implementation originated from, but googling around, probably *BSD or libiberty. Tomas, do you remember? Not that it matters, but I'm curious. Some of those other implementations have fixed this, others have not. And they all seem to also have the "involes" typo in the comment that we fixed in commit 7ef8b52cf07 :-). Ranier, you might want to submit this fix to those other projects too. -- Heikki Linnakangas Neon (https://neon.tech)