	Fix memory overrun when querying pg_stat_slru
pg_stat_get_slru() in pgstatfuncs.c would point to one element after the end of the array PgStat_SLRUStats when finishing to scan its entries. This had no direct consequences as no data from the extra memory area was read, but static analyzers would rightfully complain here. So let's be clean. While on it, this adds one regression test in the area reserved for system views. Reported-by: Alexander Kozhemyakin, via AddressSanitizer Author: Kyotaro Horiguchi Discussion: https://postgr.es/m/17280-37da556e86032070@postgresql.org Backpatch-through: 13
		| @@ -1911,7 +1911,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) | |||||||
| 		/* for each row */ | 		/* for each row */ | ||||||
| 		Datum		values[PG_STAT_GET_SLRU_COLS]; | 		Datum		values[PG_STAT_GET_SLRU_COLS]; | ||||||
| 		bool		nulls[PG_STAT_GET_SLRU_COLS]; | 		bool		nulls[PG_STAT_GET_SLRU_COLS]; | ||||||
| 		PgStat_SLRUStats stat = stats[i]; | 		PgStat_SLRUStats stat; | ||||||
| 		const char *name; | 		const char *name; | ||||||
|  |  | ||||||
| 		name = pgstat_slru_name(i); | 		name = pgstat_slru_name(i); | ||||||
| @@ -1919,6 +1919,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) | |||||||
| 		if (!name) | 		if (!name) | ||||||
| 			break; | 			break; | ||||||
|  |  | ||||||
|  | 		stat = stats[i]; | ||||||
| 		MemSet(values, 0, sizeof(values)); | 		MemSet(values, 0, sizeof(values)); | ||||||
| 		MemSet(nulls, 0, sizeof(nulls)); | 		MemSet(nulls, 0, sizeof(nulls)); | ||||||
|  |  | ||||||
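Review bot: The placement of `stat = stats[i];` below the `if (!name) break;` check is load-bearing but uncommented, so a later tidy-up could fold it back into the declaration and bring the one-past-the-end access back. As far as these hunks show, the only bound on `i` is pgstat_slru_name(i) returning NULL, so I would add `/* copy only after the name check: stats[i] is past the end once name is NULL */` above the assignment. Since `stat` is a by-value struct, the old initialiser appears to have copied the extra element even though nothing consumed it, which matches the AddressSanitizer report. The loop header and the rest of pg_stat_get_slru() lie outside the hunks.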
|   | |||||||
| @@ -76,6 +76,13 @@ select count(*) >= 0 as ok from pg_prepared_xacts; | |||||||
|  t |  t | ||||||
| (1 row) | (1 row) | ||||||
|  |  | ||||||
|  | -- There will surely be at least one SLRU cache | ||||||
|  | select count(*) > 0 as ok from pg_stat_slru; | ||||||
|  |  ok  | ||||||
|  | ---- | ||||||
|  |  t | ||||||
|  | (1 row) | ||||||
|  |  | ||||||
| -- There must be only one record | -- There must be only one record | ||||||
| select count(*) = 1 as ok from pg_stat_wal; | select count(*) = 1 as ok from pg_stat_wal; | ||||||
|  ok  |  ok  | ||||||
|   | |||||||
| @@ -37,6 +37,9 @@ select count(*) = 0 as ok from pg_prepared_statements; | |||||||
| -- See also prepared_xacts.sql | -- See also prepared_xacts.sql | ||||||
| select count(*) >= 0 as ok from pg_prepared_xacts; | select count(*) >= 0 as ok from pg_prepared_xacts; | ||||||
|  |  | ||||||
|  | -- There will surely be at least one SLRU cache | ||||||
|  | select count(*) > 0 as ok from pg_stat_slru; | ||||||
|  |  | ||||||
| -- There must be only one record | -- There must be only one record | ||||||
| select count(*) = 1 as ok from pg_stat_wal; | select count(*) = 1 as ok from pg_stat_wal; | ||||||
|  |  | ||||||
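Review bot: The added `select count(*) > 0 as ok from pg_stat_slru;` cannot fail on the defect it accompanies, because per the commit description the overrun had no visible effect on the result. Its value is that it drives the pg_stat_get_slru() scan so sanitizer or Valgrind builds cover that path. The comment should say so, for example `-- There will surely be at least one SLRU cache; this also runs the pg_stat_get_slru() scan for memory-checker builds`, so the query is not later removed as redundant. The echoed comment in the expected-output section above would need the same wording.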
|   | |||||||