Avoid possible overflow (src/port/bsearch_arg.c)
Ranier Vilela <ranier.vf@gmail.com>
From: Ranier Vilela <ranier.vf@gmail.com>
To: Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2024-10-08T19:09:00Z
Lists: pgsql-hackers
Attachments
- avoid-possible-overflow-bsearch_arg.patch (application/octet-stream) patch
Hi. The port function *bsearch_arg* mimics the C function *bsearch*. The API signature is: void * bsearch_arg(const void *key, const void *base0, size_t nmemb, size_t size, int (*compar) (const void *, const void *, void *), void *arg) So, the parameter *nmemb* is size_t. Therefore, a call with nmemb greater than INT_MAX is possible. Internally the code uses the *int* type to iterate through the number of members, which makes overflow possible. Trivial fix attached. best regards, Ranier Vilela
Commits
-
Fix overflow in bsearch_arg() with more than INT_MAX elements
- 55327256a049 14.14 landed
- 07ca2d4110d4 15.9 landed
- 211e6a5b2b26 16.5 landed
- 22b914121ad8 17.1 landed
- de5afddc3ba4 18.0 landed
-
Fix typos and grammar in comments and docs
- 7ef8b52cf079 14.0 cited
-
Move bsearch_arg to src/port
- bfa2cee78412 14.0 cited