BUG #15312: Possible access to unintended variable in "postgres/src/backend/postmaster/pgstat.c" line 2698

Started by PG Bug reporting form, over 7 years ago; 3 messages; list: bugs

#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 15312
Logged by: Petru-Florin Mihancea
Email address: petrum@gmail.com
PostgreSQL version: Unsupported/Unknown
Operating system: Macosx
Description:

While experimenting with a CodeSonar plugin we develop, we noticed a
potential bug in file "postgres/src/backend/postmaster/pgstat.c" line 2698
function CreateSharedBackendStatus.

    /* Create or attach to the shared activity buffer */
    BackendActivityBufferSize = mul_size(pgstat_track_activity_query_size,
                                         NumBackendStatSlots);
    BackendActivityBuffer = (char *)
        ShmemInitStruct("Backend Activity Buffer",
                        BackendActivityBufferSize,
                        &found);
    if (!found)
    {
        MemSet(BackendActivityBuffer, 0, size); //HERE

        /* Initialize st_activity pointers. */
        buffer = BackendActivityBuffer;
        for (i = 0; i < NumBackendStatSlots; i++)
        {
            BackendStatusArray[i].st_activity_raw = buffer;
            buffer += pgstat_track_activity_query_size;
        }
    }

Shouldn't BackendActivityBufferSize be accessed in the marked line instead
of size?

Thanks,
Petru Florin Mihancea

#2 Alvaro Herrera
alvherre@2ndquadrant.com
In reply to: PG Bug reporting form (#1)
Re: BUG #15312: Possible access to unintended variable in "postgres/src/backend/postmaster/pgstat.c" line 2698

On 2018-Aug-07, PG Bug reporting form wrote:

> While experimenting with a CodeSonar plugin we develop, we noticed a
> potential bug in file "postgres/src/backend/postmaster/pgstat.c" line 2698
> function CreateSharedBackendStatus.

Hmm, yeah this is a bug, introduced by commit c8e8b5a6e20b AFAICS.

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: PG Bug reporting form (#1)
Re: BUG #15312: Possible access to unintended variable in "postgres/src/backend/postmaster/pgstat.c" line 2698

PG Bug reporting form <noreply@postgresql.org> writes:

> MemSet(BackendActivityBuffer, 0, size); //HERE
>
> Shouldn't BackendActivityBufferSize be accessed in the marked line instead
> of size?

Yeah, I think you're right --- looks like a pretty obvious copy-and-paste
oversight. It's probably harmless as long as
pgstat_track_activity_query_size is at least NAMEDATALEN, but it's
not good.

Thanks for reporting that!

regards, tom lane
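The following is an added example, not code from the thread or from PostgreSQL, that models the failure mode the reply describes: a MemSet whose length comes from a variable left over from a previous allocation. It assumes, consistent with Tom Lane's NAMEDATALEN remark but not shown on the page, that `size` still holds NAMEDATALEN * NumBackendStatSlots from the buffer initialised just before the activity buffer. The arena, guard region, garbage fill, `simulate_init` and `report` are this example's own constructions; NAMEDATALEN is PostgreSQL's real value of 64.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* NAMEDATALEN is 64 in PostgreSQL; the guard region is this example's own. */
#define NAMEDATALEN 64
#define GUARD_BYTES 256
#define GARBAGE 0xAA

struct init_result {
    size_t buffer_bytes;    /* real size of the activity buffer */
    size_t zeroed_bytes;    /* bytes of it that the memset actually cleared */
    size_t overflow_bytes;  /* guard bytes clobbered past its end */
};

/*
 * Model of CreateSharedBackendStatus laying out two buffers back to back in
 * one arena: a NAMEDATALEN-per-slot name buffer, then the activity buffer,
 * then a guard region standing in for whatever is allocated next.  With
 * use_stale_size set, the activity buffer is cleared with `size` left over
 * from the name buffer (the reported bug); otherwise with
 * BackendActivityBufferSize (the fix).
 */
static struct init_result
simulate_init(size_t query_size, size_t num_slots, int use_stale_size)
{
    static unsigned char arena[1 << 16];
    size_t size;
    size_t BackendActivityBufferSize;
    unsigned char *BackendClientHostnameBuffer;
    unsigned char *BackendActivityBuffer;
    unsigned char *guard;
    struct init_result r;
    size_t i;

    /* Everything, including the worst-case stale memset, must fit the arena. */
    assert((NAMEDATALEN + query_size) * num_slots + GUARD_BYTES <= sizeof arena);
    assert(2 * NAMEDATALEN * num_slots <= sizeof arena);

    /* Fresh shared memory is modelled as garbage so under-clearing is visible. */
    memset(arena, GARBAGE, sizeof arena);

    /* Preceding buffer: leaves `size` equal to NAMEDATALEN * num_slots (assumed). */
    size = NAMEDATALEN * num_slots;
    BackendClientHostnameBuffer = arena;
    memset(BackendClientHostnameBuffer, 0, size);

    /* Activity buffer: its size lives in a different variable. */
    BackendActivityBufferSize = query_size * num_slots;
    BackendActivityBuffer = BackendClientHostnameBuffer + size;
    guard = BackendActivityBuffer + BackendActivityBufferSize;

    if (use_stale_size)
        memset(BackendActivityBuffer, 0, size);                      /* bug */
    else
        memset(BackendActivityBuffer, 0, BackendActivityBufferSize); /* fix */

    r.buffer_bytes = BackendActivityBufferSize;
    r.zeroed_bytes = 0;
    for (i = 0; i < BackendActivityBufferSize; i++)
        if (BackendActivityBuffer[i] == 0)
            r.zeroed_bytes++;
    r.overflow_bytes = 0;
    for (i = 0; i < GUARD_BYTES; i++)
        if (guard[i] != GARBAGE)
            r.overflow_bytes++;
    return r;
}

static void report(const char *label, struct init_result r)
{
    printf("%-28s buffer=%zu zeroed=%zu overflow=%zu\n",
           label, r.buffer_bytes, r.zeroed_bytes, r.overflow_bytes);
}

int main(void)
{
    /* 1024 is track_activity_query_size's default; 3 slots keeps numbers small. */
    report("stale size, query_size=1024", simulate_init(1024, 3, 1));
    report("fixed, query_size=1024",      simulate_init(1024, 3, 0));
    /* Below NAMEDATALEN the stale memset runs past the end of the buffer. */
    report("stale size, query_size=32",   simulate_init(32, 3, 1));
    return 0;
}
```

With the stale length the first run clears only 192 of 3072 bytes and touches nothing past the buffer, the fixed run clears all 3072, and the third run, where the per-slot size is smaller than NAMEDATALEN, clears the whole 96-byte buffer and 96 guard bytes after it. PostgreSQL's track_activity_query_size setting cannot go below 100, so only the first shape of the bug can occur there, which is why the reply calls it probably harmless; the query_size=32 run is included solely to show what the "at least NAMEDATALEN" condition protects against. When the two sizes happen to be equal the wrong variable gives the right answer, which is exactly the kind of coincidence that lets a stale-length copy-and-paste survive testing.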