diff options
| author | Michael Paquier | 2021-11-12 12:49:21 +0000 |
|---|---|---|
| committer | Michael Paquier | 2021-11-12 12:49:21 +0000 |
| commit | a45ed975c58fde7303eeae488b313bf0314383f7 (patch) | |
| tree | 7660a2c42c4942a21e542daa17b6de3bf234a75e | |
| parent | 335474691054a74d771f0e7c24d25e800e3a37b6 (diff) | |
Fix memory overrun when querying pg_stat_slru
pg_stat_get_slru() in pgstatfuncs.c would point to one element after the
end of the array PgStat_SLRUStats when finishing to scan its entries.
This had no direct consequences as no data from the extra memory area
was read, but static analyzers would rightfully complain here. So let's
be clean.
While on it, this adds one regression test in the area reserved for
system views.
Reported-by: Alexander Kozhemyakin, via AddressSanitizer
Author: Kyotaro Horiguchi
Discussion: https://postgr.es/m/[email protected]
Backpatch-through: 13
| -rw-r--r-- | src/backend/utils/adt/pgstatfuncs.c | 3 | ||||
| -rw-r--r-- | src/test/regress/expected/sysviews.out | 7 | ||||
| -rw-r--r-- | src/test/regress/sql/sysviews.sql | 3 |
3 files changed, 12 insertions, 1 deletions
diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index ff5aedc99c..e64857e540 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -1911,7 +1911,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) /* for each row */ Datum values[PG_STAT_GET_SLRU_COLS]; bool nulls[PG_STAT_GET_SLRU_COLS]; - PgStat_SLRUStats stat = stats[i]; + PgStat_SLRUStats stat; const char *name; name = pgstat_slru_name(i); @@ -1919,6 +1919,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) if (!name) break; + stat = stats[i]; MemSet(values, 0, sizeof(values)); MemSet(nulls, 0, sizeof(nulls)); diff --git a/src/test/regress/expected/sysviews.out b/src/test/regress/expected/sysviews.out index 6e54f3e15e..2088857615 100644 --- a/src/test/regress/expected/sysviews.out +++ b/src/test/regress/expected/sysviews.out @@ -76,6 +76,13 @@ select count(*) >= 0 as ok from pg_prepared_xacts; t (1 row) +-- There will surely be at least one SLRU cache +select count(*) > 0 as ok from pg_stat_slru; + ok +---- + t +(1 row) + -- There must be only one record select count(*) = 1 as ok from pg_stat_wal; ok diff --git a/src/test/regress/sql/sysviews.sql b/src/test/regress/sql/sysviews.sql index dc8c9a3ac2..b24816e3d5 100644 --- a/src/test/regress/sql/sysviews.sql +++ b/src/test/regress/sql/sysviews.sql @@ -37,6 +37,9 @@ select count(*) = 0 as ok from pg_prepared_statements; -- See also prepared_xacts.sql select count(*) >= 0 as ok from pg_prepared_xacts; +-- There will surely be at least one SLRU cache +select count(*) > 0 as ok from pg_stat_slru; + -- There must be only one record select count(*) = 1 as ok from pg_stat_wal; |