Re: Plug-in coverage hole for pglz_decompress()

From: Ayush Tiwari <ayushtiwari.slg01@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Postgres hackers <pgsql-hackers@lists.postgresql.org>, Andrew Dunstan <andrew@dunslane.net>
Date: 2026-05-11T06:57:43Z
Lists: pgsql-hackers

Hi,

On Mon, 11 May 2026 at 12:06, Michael Paquier <michael@paquier.xyz> wrote:

> Hi all,
> (Andrew in CC, in case.)
>
> While doing a post-commit review of 67d318e70402, I have noticed the
> following coverage hole in pglz_decompress(), where a failure of this
> check is not covered, see also [1]:
>     if (unlikely(off == 0 ||
>                  off > (dp - (unsigned char *) dest)))
>         return -1;
>
> This can be triggered easily with the two following sequences in the
> regression tests:
> SELECT test_pglz_decompress('\x011001'::bytea, 1024, true);
> SELECT test_pglz_decompress('\x010300'::bytea, 1024, true);
>
> It's unfortunately too late for this round of minor releases, but I'd
> like to fix this hole once the next minor versions are tagged, down to
> v14.  If there are any objections or comments, feel free.  Mea culpa.
>

I looked at this on my current master.  The patch applies cleanly and
compression_pglz passes for me.

The two added inputs seem to cover the intended cases: one produces an
offset larger than the amount of output already written, and the other
produces offset zero, so both exercise the corrupt-input guard in
pglz_decompress().

Patch looks good to me.

Regards,
Ayush
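To make the two test inputs concrete, here is an added example (my own code, not PostgreSQL's pglz_decompress() and not part of the patch under review) of a small decoder that follows the pglz stream layout as I read it from the comments in pg_lzcompress.c: one control byte announces up to eight items, LSB first; a set bit means a two-byte match tag (low nibble of byte 0 is length minus 3, high nibble gives the upper four bits of the offset, byte 1 the low eight bits, with an extension byte when the coded length is 18), a clear bit means one literal byte. The two corrupt inputs from the mail and one valid stream are constructed byte arrays; the function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example decoder for the pglz stream layout (assumed from the
 * pg_lzcompress.c comments; not PostgreSQL's own function). Returns the
 * number of bytes written to dest, or -1 on corrupt input. check_complete
 * mirrors the third argument of test_pglz_decompress(): when set, the
 * whole of src must be consumed and the whole of dest must be filled.
 */
static int32_t
demo_pglz_decompress(const unsigned char *src, int32_t slen,
                     unsigned char *dest, int32_t rawsize, int check_complete)
{
    const unsigned char *sp = src, *srcend = src + slen;
    unsigned char *dp = dest, *destend = dest + rawsize;

    while (sp < srcend && dp < destend)
    {
        unsigned char ctrl = *sp++;     /* up to 8 items follow, LSB first */
        int ctrlc;

        for (ctrlc = 0; ctrlc < 8 && sp < srcend && dp < destend; ctrlc++)
        {
            if (ctrl & 1)
            {
                int32_t len, off;

                if (sp + 1 >= srcend)   /* tag cut short by end of input */
                    return -1;
                len = (sp[0] & 0x0f) + 3;
                off = ((sp[0] & 0xf0) << 4) | sp[1];
                sp += 2;
                if (len == 18)
                {
                    if (sp >= srcend)
                        return -1;
                    len += *sp++;
                }

                /*
                 * The guard the thread is about: a back-reference must land
                 * inside output already produced. off == 0 would copy a byte
                 * from itself; off > (dp - dest) would read before dest.
                 */
                if (off == 0 || off > (dp - dest))
                    return -1;

                /* Source and destination may overlap, so copy byte by byte. */
                if (len > destend - dp)
                    len = (int32_t) (destend - dp);
                while (len-- > 0)
                {
                    *dp = *(dp - off);
                    dp++;
                }
            }
            else
                *dp++ = *sp++;          /* literal byte */
            ctrl >>= 1;
        }
    }

    if (check_complete && (dp != destend || sp != srcend))
        return -1;
    return (int32_t) (dp - dest);
}

/* The two inputs from the mail, as constructed byte arrays. */
static const unsigned char kOffsetTooLarge[] = {0x01, 0x10, 0x01};  /* \x011001: off = 257, nothing written yet */
static const unsigned char kOffsetZero[]     = {0x01, 0x03, 0x00};  /* \x010300: off = 0 */

/* Constructed valid stream: literals 'a','b', then a match of len 3 at off 2 -> "ababa". */
static const unsigned char kValid[] = {0x04, 'a', 'b', 0x00, 0x02};

static int32_t demo_decode_offset_too_large(void)
{
    unsigned char out[1024];
    return demo_pglz_decompress(kOffsetTooLarge, sizeof kOffsetTooLarge, out, sizeof out, 1);
}

static int32_t demo_decode_offset_zero(void)
{
    unsigned char out[1024];
    return demo_pglz_decompress(kOffsetZero, sizeof kOffsetZero, out, sizeof out, 1);
}

/* Returns 1 when the valid stream decodes to exactly "ababa". */
static int demo_valid_roundtrip(void)
{
    unsigned char out[5];
    int32_t n = demo_pglz_decompress(kValid, sizeof kValid, out, sizeof out, 1);
    return n == 5 && memcmp(out, "ababa", 5) == 0;
}

int main(void)
{
    printf("\\x011001 -> %d\n", demo_decode_offset_too_large());
    printf("\\x010300 -> %d\n", demo_decode_offset_zero());
    printf("valid stream ok: %d\n", demo_valid_roundtrip());
    return 0;
}
```

Both corrupt inputs hit the guard on the very first tag, before any byte has been written, which is why they are such cheap coverage cases: \x011001 encodes an offset of 257 against zero bytes of output, and \x010300 encodes an offset of 0. The valid stream shows the same copy loop working normally once the reference points into already-written output.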