diff options
| author | Michael Paquier <michael@paquier.xyz> | 2021-11-12 21:50:04 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2021-11-12 21:50:04 +0900 |
| commit | 5f81a480d537956efc0b9bf2eee7d651a03c596a (patch) | |
| tree | 3b8bbaca7b30decd20cbc6f5647cd06e3638e822 /src/backend/utils/adt/pgstatfuncs.c | |
| parent | 675cd765c2a5d5f2f020a5bf647086c178612abf (diff) | |
| download | postgresql-5f81a480d537956efc0b9bf2eee7d651a03c596a.tar.gz postgresql-5f81a480d537956efc0b9bf2eee7d651a03c596a.zip | |
Fix memory overrun when querying pg_stat_slru
pg_stat_get_slru() in pgstatfuncs.c would point to one element after the
end of the array PgStat_SLRUStats when finishing to scan its entries.
This had no direct consequences as no data from the extra memory area
was read, but static analyzers would rightfully complain here. So let's
be clean.
While on it, this adds one regression test in the area reserved for
system views.
Reported-by: Alexander Kozhemyakin, via AddressSanitizer
Author: Kyotaro Horiguchi
Discussion: https://postgr.es/m/17280-37da556e86032070@postgresql.org
Backpatch-through: 13
Diffstat (limited to 'src/backend/utils/adt/pgstatfuncs.c')
| -rw-r--r-- | src/backend/utils/adt/pgstatfuncs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/utils/adt/pgstatfuncs.c b/src/backend/utils/adt/pgstatfuncs.c index f0e09eae4d6..d899ba86f0f 100644 --- a/src/backend/utils/adt/pgstatfuncs.c +++ b/src/backend/utils/adt/pgstatfuncs.c @@ -1912,7 +1912,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) /* for each row */ Datum values[PG_STAT_GET_SLRU_COLS]; bool nulls[PG_STAT_GET_SLRU_COLS]; - PgStat_SLRUStats stat = stats[i]; + PgStat_SLRUStats stat; const char *name; name = pgstat_slru_name(i); @@ -1920,6 +1920,7 @@ pg_stat_get_slru(PG_FUNCTION_ARGS) if (!name) break; + stat = stats[i]; MemSet(values, 0, sizeof(values)); MemSet(nulls, 0, sizeof(nulls)); |