Re: UBSan pointer overflow in xlogreader.c

From Nathan Bossart
Subject Re: UBSan pointer overflow in xlogreader.c
Date
Msg-id 20231205180402.GB2757816@nathanxps13
In reply to UBSan pointer overflow in xlogreader.c  (Thomas Munro <thomas.munro@gmail.com>)
Responses Re: UBSan pointer overflow in xlogreader.c  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
On Wed, Dec 06, 2023 at 12:03:53AM +1300, Thomas Munro wrote:
> xlogreader.c has a pointer overflow bug, as revealed by the
> combination of -fsanitize=undefined -m32, the new 039_end_of_wal.pl
> test and Robert's incremental backup patch[1].  The bad code tests
> whether an object could fit using something like base + size <= end,
> which can be converted to something like size <= end - base to avoid
> the overflow.  See experimental fix patch, attached.

The patch LGTM.  I wonder if it might be worth creating some special
pointer arithmetic routines (perhaps using the stuff in common/int.h) to
help prevent this sort of thing in the future.  But that'd require you to
realize that your code is at risk of overflow, at which point it's probably
just as easy to restructure the logic like you've done here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
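
The two forms of the bounds check discussed in this message, as an added example that is not part of the original e-mail or of the PostgreSQL patch. The names `addr32`, `fits_add_form`, `fits_sub_form`, `record_fits` and `demo_buf` are hypothetical, and the addresses are constructed; 32-bit addresses are modelled with `uint32_t` so the wraparound is reproduced without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 32-bit address space (as with -m32), using unsigned
 * arithmetic so the wrap is well defined and can be observed safely. */
typedef uint32_t addr32;

static char demo_buf[64];       /* constructed buffer for the pointer form */

/* "base + size <= end": the sum can wrap past zero and compare as small. */
static bool
fits_add_form(addr32 base, addr32 end, uint32_t size)
{
    return (addr32) (base + size) <= end;
}

/* "size <= end - base": the difference cannot overflow when base <= end. */
static bool
fits_sub_form(addr32 base, addr32 end, uint32_t size)
{
    return base <= end && size <= end - base;
}

/* The same restructured check on real pointers into one object. */
static bool
record_fits(const char *base, const char *end, size_t size)
{
    return base <= end && size <= (size_t) (end - base);
}

int
main(void)
{
    /* Constructed values: a buffer near the top of the address space and
     * a length that is larger than the 0x800 bytes actually available. */
    addr32      base = 0xFFFFF000u, end = 0xFFFFF800u;
    uint32_t    oversized = 0x2000u;
    const char *buf_end = demo_buf + sizeof demo_buf;

    printf("add form accepts oversized: %d\n", fits_add_form(base, end, oversized));
    printf("sub form accepts oversized: %d\n", fits_sub_form(base, end, oversized));
    printf("pointer form, 64 of 64: %d\n", record_fits(demo_buf, buf_end, 64));
    printf("pointer form, 65 of 64: %d\n", record_fits(demo_buf, buf_end, 65));
    return 0;
}
```
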


