Thanks for your feedback, you are definitely right, I did not notice
that (dp - off) was staying the same in the while loop.
Here is another much smaller patch.
Flavien
Le 18/10/2023 à 17:14, Tom Lane a écrit :
> Flavien GUEDEZ <flav.pg@oopacity.net> writes:
>> After some investigations about very corrupted toast data in one
>> postgres instance, I found that the pglz_decompress function (in
>> common/pg_lzcompress.c) does not check correctly where it copies data
>> from using memcpy(), which could result in segfault.
>> In this function, there are other checks to ensure that we do not copy
>> after the destination end, but not if we copy data from "before the
>> beginning".
> Hmm, would it not be better to add this check to the existing "Check for
> corrupt data" a bit further up? Then you'd only need one instance of
> the test, and only need to do it once per tag (note the comment pointing
> out that dp - off stays the same), and overall it'd be less surprising IMO.
>
> regards, tom lane