Re: BUG #17888: Incorrect memory access in gist__int_ops for an input array with many elements

Alexander Law <exclusion@gmail.com>

From: Alexander Lakhin <exclusion@gmail.com>
To: Richard Guo <guofenglinux@gmail.com>, Ankit Kumar Pandey <itsankitkp@gmail.com>, David Rowley <dgrowleyml@gmail.com>, Teodor Sigaev <teodor@sigaev.ru>, pgsql-bugs@lists.postgresql.org
Date: 2023-05-31T06:00:00Z
Lists: pgsql-bugs

Attachments

07.04.2023 11:57, Richard Guo wrote:
>
> On Fri, Apr 7, 2023 at 4:21 AM PG Bug reporting form <noreply@postgresql.org> wrote:
>
>     NOTICE:  input array is too big (199 maximum allowed, 1001 current), use
>     gist__intbig_ops opclass instead
>
>
> In g_int_compress,
>
>  if (ARRNELEMS(r) >= 2 * num_ranges)
>      elog(NOTICE, "input array is too big (%d maximum allowed, %d current), use gist__intbig_ops opclass instead",
>           2 * num_ranges - 1, ARRNELEMS(r));
>
> Wondering why elog with NOTICE rather than Error here.

The NOTICE appeared there in commit 08ee64ebf5 (from year 2005) in an
attempt to get rid of flags (ISLEAFKEY(in)) [1] and probably expressed
an intention to play gently (don't break compatibility?).

The patch proposed at [2] looks correct to me. Thank you, Ankit!
Though I would add a simple case to the intarray regression test and also
add errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED) to other two places in
_int_gist.c for the sake of consistency.

Please look at the patches attached.

[1] https://www.postgresql.org/message-id/43786274.3020200%40sigaev.ru
[2] https://www.postgresql.org/message-id/796b65c3-57b7-bddf-b0d5-a8afafb8b627%40gmail.com

Commits

  1. intarray: Prevent out-of-bound memory reads with gist__int_ops

  2. Remove usage of ArrayType->flags field, use pgsql's macros BITS_PER_BYTE instead