Re: doPickSplit stack buffer overflow in XLogInsert?
| From | Andres Freund |
|---|---|
| Subject | Re: doPickSplit stack buffer overflow in XLogInsert? |
| Date | |
| Msg-id | 20131126221949.GJ23284@alap2.anarazel.de |
| In reply to | doPickSplit stack buffer overflow in XLogInsert? (Kevin Grittner <kgrittn@ymail.com>) |
| Responses | Re: doPickSplit stack buffer overflow in XLogInsert? |
| List | pgsql-hackers |
On 2013-11-26 14:14:38 -0800, Kevin Grittner wrote:
> I happened to build in a shell that was still set up for the clang
> address sanitizer, and got the attached report. On a rerun it was
> repeatable. XLogInsert() seems to read past the end of a variable
> allocated on the stack in doPickSplit(). I haven't tried to analyze
> it past that, since this part of the code is unfamiliar to me.

Yea, I've seen that one before as well and planned to report it at some
point. The reason is the MAXALIGN()s in ACCEPT_RDATA_DATA(). That rounds
up to 8byte boundaries, while we've e.g. only added 2bytes of slop to
toDelete.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
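
The mismatch described in the reply above, modelled as an added example (not PostgreSQL source and not code from the thread): a length rounded up to 8 bytes is compared with a buffer that has only 2 bytes of slop. The `MODEL_*` macros, the function names and the array sizes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of an 8-byte MAXALIGN: round len up to the next multiple of 8. */
#define MODEL_ALIGNOF 8
#define MODEL_MAXALIGN(len) \
    (((size_t) (len) + (MODEL_ALIGNOF - 1)) & ~((size_t) (MODEL_ALIGNOF - 1)))

/* Bytes a consumer reads past the buffer when it is told the length is
 * MODEL_MAXALIGN(payload_len) but only buf_size bytes actually exist. */
static size_t overread_bytes(size_t buf_size, size_t payload_len)
{
    size_t registered = MODEL_MAXALIGN(payload_len);
    return registered > buf_size ? registered - buf_size : 0;
}

/* Constructed case: n 2-byte offsets plus one 2-byte element of slop. */
static size_t overread_for_offsets(size_t n)
{
    size_t payload = n * sizeof(uint16_t);
    size_t buf_size = payload + sizeof(uint16_t);   /* 2 bytes of slop */
    return overread_bytes(buf_size, payload);
}

/* One way to keep the aligned length: stage the payload in a buffer that
 * really has MODEL_MAXALIGN(len) bytes, zero-padded. Returns the length to
 * register, or 0 if the staging buffer is too small. */
static size_t stage_aligned(void *dst, size_t dst_size,
                            const void *src, size_t payload_len)
{
    size_t registered = MODEL_MAXALIGN(payload_len);
    if (registered > dst_size)
        return 0;
    memset(dst, 0, registered);
    memcpy(dst, src, payload_len);
    return registered;
}

int main(void)
{
    uint16_t offsets[5] = {1, 2, 3, 4, 5};      /* constructed sample */
    unsigned char staged[16];
    size_t len = stage_aligned(staged, sizeof staged, offsets, sizeof offsets);
    return (len == 16 && overread_for_offsets(5) == 4) ? 0 : 1;
}
```

With 2-byte elements the rounded length can exceed the payload by up to 6 bytes, so 2 bytes of slop leaves up to 4 bytes read past the end, which is the kind of access an address sanitizer build flags.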