Thread

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Add more tests for corrupted data with pglz_decompress()

  1. Plug-in coverage hole for pglz_decompress()

    Michael Paquier <michael@paquier.xyz> — 2026-05-11T06:35:50Z

    Hi all,
    (Andrew in CC, in case.)
    
    While doing a post-commit review of 67d318e70402, I have noticed the
    following coverage hole in pglz_decompress(), where a failure of this
    check is not covered, see also [1]:
        if (unlikely(off == 0 ||
                     off > (dp - (unsigned char *) dest)))
            return -1;
    
    This can be triggered easily with the two following sequences in the
    regression tests:
    SELECT test_pglz_decompress('\x011001'::bytea, 1024, true);
    SELECT test_pglz_decompress('\x010300'::bytea, 1024, true);
    
    It's unfortunately too late for this round of minor releases, but I'd
    like to fix this hole once the next minor versions are tagged, down to
    v14.  If there are any objections or comments, feel free.  Mea culpa.
    
    Thanks,
    
    [1]: https://coverage.postgresql.org/src/common/pg_lzcompress.c.gcov.html
    --
    Michael
    
  2. Re: Plug-in coverage hole for pglz_decompress()

    Ayush Tiwari <ayushtiwari.slg01@gmail.com> — 2026-05-11T06:57:43Z

    Hi,
    
    On Mon, 11 May 2026 at 12:06, Michael Paquier <michael@paquier.xyz> wrote:
    
    > Hi all,
    > (Andrew in CC, in case.)
    >
    > While doing a post-commit review of 67d318e70402, I have noticed the
    > following coverage hole in pglz_decompress(), where a failure of this
    > check is not covered, see also [1]:
    >     if (unlikely(off == 0 ||
    >                  off > (dp - (unsigned char *) dest)))
    >         return -1;
    >
    > This can be triggered easily with the two following sequences in the
    > regression tests:
    > SELECT test_pglz_decompress('\x011001'::bytea, 1024, true);
    > SELECT test_pglz_decompress('\x010300'::bytea, 1024, true);
    >
    > It's unfortunately too late for this round of minor releases, but I'd
    > like to fix this hole once the next minor versions are tagged, down to
    > v14.  If there are any objections or comments, feel free.  Mea culpa.
    >
    >
    I looked at this on my current master.  The patch applies cleanly and
    compression_pglz passes for me.
    
    The two added inputs seem to cover the intended cases: one produces an
    offset larger than the amount of output already written, and the other
    produces offset zero, so both exercise the corrupt-input guard in
    pglz_decompress().
    
    Patch looks good to me.
    
    Regards,
    Ayush
    
  3. Re: Plug-in coverage hole for pglz_decompress()

    Michael Paquier <michael@paquier.xyz> — 2026-05-13T06:19:30Z

    On Mon, May 11, 2026 at 12:27:43PM +0530, Ayush Tiwari wrote:
    > The two added inputs seem to cover the intended cases: one produces an
    > offset larger than the amount of output already written, and the other
    > produces offset zero, so both exercise the corrupt-input guard in
    > pglz_decompress().
    
    Thanks for double-checking.  Done.
    --
    Michael