Re: Insufficient memory access checks in pglz_decompress
From | Tom Lane |
---|---|
Subject | Re: Insufficient memory access checks in pglz_decompress |
Date | |
Msg-id | 3116807.1697642067@sss.pgh.pa.us |
In response to | Insufficient memory access checks in pglz_decompress (Flavien GUEDEZ <flav.pg@oopacity.net>) |
Responses | Re: Insufficient memory access checks in pglz_decompress |
List | pgsql-bugs |

Flavien GUEDEZ <flav.pg@oopacity.net> writes:
> After some investigations about very corrupted toast data in one
> postgres instance, I found that the pglz_decompress function (in
> common/pg_lzcompress.c) does not check correctly where it copies data
> from using memcpy(), which could result in segfault.

> In this function, there are other checks to ensure that we do not copy
> after the destination end, but not if we copy data from "before the
> beginning".

Hmm, would it not be better to add this check to the existing
"Check for corrupt data" a bit further up? Then you'd only need
one instance of the test, and only need to do it once per tag
(note the comment pointing out that dp - off stays the same),
and overall it'd be less surprising IMO.

regards, tom lane
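
Added example, not part of the original message and not PostgreSQL's code: a toy LZ decoder showing the back-reference source check folded into one per-tag corruption test, the placement suggested above. The format, the name `toy_lz_decompress` and the sample inputs are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy LZ format (assumed for this sketch, not pglz's real encoding):
 * a control byte, then up to 8 items, one per control bit (LSB first).
 * Bit 0: one literal byte. Bit 1: 2-byte tag with
 * off = ((b0 & 0xf0) << 4) | b1 and len = (b0 & 0x0f) + 3.
 * Returns the decompressed length, or -1 on corrupt input. */
int toy_lz_decompress(const uint8_t *src, size_t slen, uint8_t *dest, size_t dlen)
{
    const uint8_t *sp = src, *srcend = src + slen;
    uint8_t *dp = dest, *destend = dest + dlen;
    while (sp < srcend && dp < destend) {
        uint8_t ctrl = *sp++;
        for (int bit = 0; bit < 8 && sp < srcend && dp < destend; bit++, ctrl >>= 1) {
            if (!(ctrl & 1)) {              /* literal byte */
                *dp++ = *sp++;
                continue;
            }
            if (srcend - sp < 2)            /* truncated tag */
                return -1;
            size_t len = (size_t)(sp[0] & 0x0f) + 3;
            size_t off = ((size_t)(sp[0] & 0xf0) << 4) | sp[1];
            sp += 2;
            /* One corruption check per tag: off == 0 is meaningless, and
             * off > bytes written so far would read before dest. */
            if (off == 0 || off > (size_t)(dp - dest))
                return -1;
            if (len > (size_t)(destend - dp))   /* never write past the end */
                len = (size_t)(destend - dp);
            /* Byte-wise copy: source and destination ranges may overlap. */
            for (size_t i = 0; i < len; i++, dp++)
                *dp = *(dp - off);
        }
    }
    return (int)(dp - dest);
}

int main(void)
{
    uint8_t out[6];
    const uint8_t good[] = {0x08, 'a', 'b', 'c', 0x00, 0x03};  /* constructed */
    const uint8_t bad[]  = {0x08, 'a', 'b', 'c', 0x00, 0x04};  /* off > 3 written */
    printf("good=%d bad=%d\n", toy_lz_decompress(good, sizeof good, out, sizeof out),
           toy_lz_decompress(bad, sizeof bad, out, sizeof out));
    return 0;
}
```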