BUG #4724: Array index out of bounds
The following bug has been logged online:
Bug reference: 4724
Logged by: Ett Martin
Email address: ettl.martin@gmx.de
PostgreSQL version: 8.3.7
Operating system: Linux
Description: Array index out of bounds
Details:
I have checked the sources with a static code analysis tool cppcheck:
cppcheck -q -a -j2 postgresql-8.3.7
[postgresql-8.3.7/contrib/cube/cube.c:1418]: (all) Array index out of bounds
[postgresql-8.3.7/contrib/cube/cube.c:1437]: (all) Array index out of bounds
Best regards
Ettl Martin
Ett Martin wrote:
> I have checked the sources with a static code analysis tool cppcheck:
> cppcheck -q -a -j2 postgresql-8.3.7
> [postgresql-8.3.7/contrib/cube/cube.c:1418]: (all) Array index out of bounds
> [postgresql-8.3.7/contrib/cube/cube.c:1437]: (all) Array index out of bounds
Have you then verified that the complaint is actually valid? Static
analysis tools only point out places where you might want to look.
It's common in C to do things like:
    #include <stdint.h>
    #include <stdlib.h>

    typedef struct block {
        struct block *next;        /* header fields */
        size_t blockdata_size;
        uint8_t blockdata[0];      /* zero-length trailing array (GNU extension) */
    } block;
where you allocate a `block' structure using something like:
    block *alloc_block(size_t numbytes)
    {
        /* one allocation: the header followed by numbytes of payload */
        return (block *) malloc(sizeof(block) + numbytes);
    }
Because C permits indexing past the end of an array, you can then safely
and legally access your allocated memory past the block header with
things like:
someblock->blockdata[11];
Static analysis tools won't realise what's going on, and will complain.
I'd say after a quick glance that that's what's happening here, though
I'm far from certain.
--
Craig Ringer
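The trailing-array idiom Craig describes, as an added example that is not part of the thread and not PostgreSQL's or cppcheck's code. It uses the C99 flexible array member (`blockdata[]`) instead of the GNU zero-length array, so the layout is standard C and most analyzers understand it, and it bounds-checks accesses against the recorded payload size rather than the declared array length, which is the check a reviewer actually needs when deciding whether such a warning is a false positive. The names (`block`, `blk_alloc`, `blk_get`, `blk_set`, `blk_demo`) are chosen for this example and do not appear in contrib/cube.

```c
/* Added example, not from the PostgreSQL sources or the mailing-list thread.
 * Header-plus-payload allocated in one malloc, with a C99 flexible array
 * member and a bounds-checked accessor. All names here are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef struct block {
    struct block *next;
    size_t blockdata_size;      /* number of valid bytes in blockdata */
    uint8_t blockdata[];        /* C99 flexible array member */
} block;

/* Allocate the header plus numbytes of payload in a single allocation.
 * Returns NULL if the size arithmetic would wrap or malloc fails. */
block *blk_alloc(size_t numbytes)
{
    if (numbytes > SIZE_MAX - sizeof(block))   /* sizeof(block) + numbytes would overflow */
        return NULL;
    block *b = malloc(sizeof(block) + numbytes);
    if (b == NULL)
        return NULL;
    b->next = NULL;
    b->blockdata_size = numbytes;
    memset(b->blockdata, 0, numbytes);
    return b;
}

/* Read payload byte i. The bound is the recorded size, not the declared
 * array length (which is absent for a flexible member). Returns -1 if out of range. */
int blk_get(const block *b, size_t i)
{
    if (b == NULL || i >= b->blockdata_size)
        return -1;
    return b->blockdata[i];
}

/* Write payload byte i with the same bound. Returns 0 on success, -1 otherwise. */
int blk_set(block *b, size_t i, uint8_t v)
{
    if (b == NULL || i >= b->blockdata_size)
        return -1;
    b->blockdata[i] = v;
    return 0;
}

/* Demonstration: with a 16-byte payload, index 11 (Craig's example) is inside
 * the allocation, index 16 is one past the end and is rejected, and a size
 * that would wrap the allocation arithmetic is refused. Returns 0 if all hold. */
int blk_demo(void)
{
    block *b = blk_alloc(16);
    if (b == NULL)
        return -1;
    int ok = (blk_set(b, 11, 0xAB) == 0)
          && (blk_get(b, 11) == 0xAB)
          && (blk_get(b, 16) == -1)
          && (blk_alloc(SIZE_MAX) == NULL);
    free(b);
    return ok ? 0 : 1;
}

int main(void)
{
    int r = blk_demo();
    printf("%s\n", r == 0 ? "ok" : "FAILED");
    return r;
}
```

Compile with `cc -std=c99 -Wall -Wextra` to confirm the flexible array member raises no warning; an analyzer complaint on `b->blockdata[i]` is then only valid if `i` can exceed the `blockdata_size` that was passed to the allocation, which is what has to be checked by hand for the two cube.c lines.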
"Ett Martin" <ettl.martin@gmx.de> writes:
> I have checked the sources with a static code analysis tool cppcheck:
> cppcheck -q -a -j2 postgresql-8.3.7
> [postgresql-8.3.7/contrib/cube/cube.c:1418]: (all) Array index out of bounds
> [postgresql-8.3.7/contrib/cube/cube.c:1437]: (all) Array index out of bounds
Looks like you'd better get a smarter code analysis tool.
regards, tom lane