hash_create(nelem = 0) does invalid memory accesses

Started by Andres Freund, over 9 years ago, 2 messages, hackers
#1 Andres Freund
andres@anarazel.de

Hi,

debugging a citus valgrind bleat I noticed that hash_create() accesses
the result of palloc(0) as a hash element:

HTAB *
hash_create(const char *tabname, long nelem, HASHCTL *info, int flags)
{
    ...
    if ((flags & HASH_SHARED_MEM) ||
        nelem < hctl->nelem_alloc)
    {
        if (!element_alloc(hashp, (int) nelem))
            ereport(ERROR,
                    (errcode(ERRCODE_OUT_OF_MEMORY),
                     errmsg("out of memory")));
    }
    ...
}

I.e. we call element_alloc with nelem = 0. There we then do:

static bool
element_alloc(HTAB *hashp, int nelem)
{
    ...
    firstElement = (HASHELEMENT *) hashp->alloc(nelem * elementSize);
    ...
    firstElement->link = hctlv->freeList;
}

which means we'll write to the result of palloc(0).

Do we consider this an API usage error that we want to fix?

Greetings,

Andres Freund

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

#2 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andres Freund (#1)
Re: hash_create(nelem = 0) does invalid memory accesses

Andres Freund <andres@anarazel.de> writes:

> debugging a citus valgrind bleat I noticed that hash_create() accesses
> the result of palloc(0) as a hash element:
> Do we consider this an API usage error that we want to fix?

I think Assert(nelem > 0) would be an appropriate response.
There are probably issues in sizing the hashtable quite aside
from this one.

regards, tom lane
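
The zero-element case discussed in this thread, as an added example that is not part of either message and is not PostgreSQL code: a canary-backed allocator stands in for palloc so that the write through the result of a 0-byte request lands in memory the example owns and can be detected. Elem, GUARD, guard_alloc, guard_trampled, element_alloc_checked and unchecked_overruns are constructed names, and the checked variant returns NULL where the reply proposes Assert(nelem > 0).

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a hash element header (assumption, not PostgreSQL's struct). */
typedef struct Elem { struct Elem *link; } Elem;
#define GUARD 64  /* canary bytes appended to every request */

/* Hypothetical allocator: `size` usable bytes followed by a canary region. */
static void *guard_alloc(size_t size)
{
    unsigned char *p = malloc(size + GUARD);
    if (p != NULL)
        memset(p + size, 0xA5, GUARD);
    return p;
}

/* True if anything was written past the first `size` bytes of the request. */
static bool guard_trampled(const void *ptr, size_t size)
{
    const unsigned char *g = (const unsigned char *) ptr + size;
    for (size_t i = 0; i < GUARD; i++)
        if (g[i] != 0xA5) return true;
    return false;
}

/* Mirrors the excerpt: allocate nelem elements, then link the first unconditionally. */
static Elem *element_alloc_unchecked(int nelem, Elem *freeList)
{
    Elem *first = guard_alloc((size_t) nelem * sizeof(Elem));
    if (first != NULL)
        first->link = freeList;  /* nelem == 0: writes past a 0-byte request */
    return first;
}

/* Caller-side guard: refuses the request where the thread proposes an Assert. */
static Elem *element_alloc_checked(int nelem, Elem *freeList)
{
    return nelem > 0 ? element_alloc_unchecked(nelem, freeList) : NULL;
}

/* Reports whether the unchecked path wrote out of bounds for this nelem. */
static bool unchecked_overruns(int nelem)
{
    Elem *e = element_alloc_unchecked(nelem, NULL);
    bool bad = e != NULL && guard_trampled(e, (size_t) nelem * sizeof(Elem));
    free(e);
    return bad;
}
```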
