[MASSMAIL]Fix out-of-bounds in the function GetCommandTagName - Mailing list pgsql-hackers

From Ranier Vilela
Subject [MASSMAIL]Fix out-of-bounds in the function GetCommandTagName
Date
Msg-id CAEudQAoY0xrKuTAX7W10zsjjUpKBPFRtdCyScb3Z0FB2v6HNmQ@mail.gmail.com
Responses Re: Fix out-of-bounds in the function GetCommandTagName
List pgsql-hackers
Hi,

Per Coverity.

Coverity has reported some out-of-bounds bugs
related to the GetCommandTagName function.

CID 1542964: (#1 of 1): Out-of-bounds access (OVERRUN)
7. overrun-call: Overrunning callee's array of size 193 by passing argument commandtag (which evaluates to 193) in call to GetCommandTagName.


It turns out that the root of the problem is found in the declaration of the tag_behavior array, which is found in src/backend/tcop/cmdtag.c.

The size of the array is defined by the COMMAND_TAG_NEXTTAG enum,
whose value currently corresponds to 193.
Since enum items are evaluated starting at zero, by default.

It turns out that the final size of the array, 193, limits the number of items to 192, which excludes the last TAG
PG_CMDTAG(CMDTAG_VACUUM, "VACUUM", false, false, false)

Fixed by leaving it up to the compiler to determine the final size of the array.

Patch attached.

best regards,
Ranier Vilela
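
The pattern this message discusses, in miniature, as an added example that is not code from the message or from PostgreSQL: an enum with a trailing sentinel, a table indexed by it whose size is left to the compiler, a compile-time check tying the two together, and a lookup that refuses the sentinel value named in the Coverity report. All `DEMO_`/`demo_` names and the four-entry tag list are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed miniature tag list (assumption, not PostgreSQL's list). */
#define DEMO_TAG_LIST(X) \
    X(DEMO_TAG_UNKNOWN, "???") \
    X(DEMO_TAG_SELECT, "SELECT") \
    X(DEMO_TAG_UPDATE, "UPDATE") \
    X(DEMO_TAG_VACUUM, "VACUUM")

typedef enum DemoTag {
#define X(tag, name) tag,
    DEMO_TAG_LIST(X)
#undef X
    DEMO_TAG_NEXTTAG /* sentinel: one past the last real tag */
} DemoTag;

typedef struct DemoTagBehavior { const char *name; } DemoTagBehavior;

/* No explicit size: the compiler derives it from the initializers. */
static const DemoTagBehavior demo_tag_behavior[] = {
#define X(tag, name) [tag] = {name},
    DEMO_TAG_LIST(X)
#undef X
};

#define DEMO_LENGTHOF(a) (sizeof(a) / sizeof((a)[0]))

/* The build fails if the table and the enum ever disagree. */
_Static_assert(DEMO_LENGTHOF(demo_tag_behavior) == DEMO_TAG_NEXTTAG,
               "tag table and enum are out of sync");

/* Returns NULL instead of indexing the table with the sentinel
 * or with any other value outside the table's element range. */
const char *demo_get_tag_name(int tag)
{
    if (tag < 0 || (size_t) tag >= DEMO_LENGTHOF(demo_tag_behavior))
        return NULL;
    return demo_tag_behavior[tag].name;
}

int main(void)
{
    const char *bad = demo_get_tag_name(DEMO_TAG_NEXTTAG);
    printf("last tag: %s\n", demo_get_tag_name(DEMO_TAG_VACUUM));
    printf("sentinel: %s\n", bad ? bad : "(rejected)");
    return 0;
}
```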
