On Fri, Mar 07, 2025 at 10:52:10AM -0600, Nathan Bossart wrote:
> Good enough for me.  I'll commit/back-patch to v17 the attached soon.

On second thought, since the signal number is a signed integer, I think we
also ought to check that it's > 0.  I'm running the attached patch through
the CI tests to make sure that's correct for the common platforms.  If that
looks good, I'm planning to commit it.

-- 
nathan
>From 28461c692c07b85bba101e610f776e9d65430902 Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nat...@postgresql.org>
Date: Fri, 7 Mar 2025 14:30:55 -0600
Subject: [PATCH v2 1/1] Assert that wrapper_handler()'s argument is within
 expected range.

pqsignal() already performs a similar check, but strange Valgrind
reports have us wondering if wrapper_handler() is somehow getting
called with an invalid signal number.

Reported-by: Tomas Vondra <to...@vondra.me>
Suggested-by: Andres Freund <and...@anarazel.de>
Discussion: https://postgr.es/m/ace01111-f9ac-4f61-b1b1-8e9379415444%40vondra.me
Backpatch-through: 17
---
 src/port/pqsignal.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/port/pqsignal.c b/src/port/pqsignal.c
index 5dd8b76bae8..26943845e21 100644
--- a/src/port/pqsignal.c
+++ b/src/port/pqsignal.c
@@ -87,6 +87,9 @@ wrapper_handler(SIGNAL_ARGS)
 {
        int                     save_errno = errno;
 
+       Assert(postgres_signal_arg > 0);
+       Assert(postgres_signal_arg < PG_NSIG);
+
 #ifndef FRONTEND
 
        /*
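Review bot: The two new assertions at the top of wrapper_handler() have no comment explaining why the handler rechecks a range that, per the commit message, pqsignal() already enforces at registration time. A one-line comment above them, saying the check exists to catch the handler being invoked with an unexpected signal number, would keep a later reader from removing them as redundant. Also note that these are Assert() calls placed before the #ifndef FRONTEND split, so they apply to both frontend and backend builds but only when assertions are compiled in. If the Valgrind runs being investigated are not assert-enabled builds, the checks will not fire there.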
@@ -123,6 +126,7 @@ pqsignal(int signo, pqsigfunc func)
        struct sigaction act;
 #endif
 
+       Assert(signo > 0);
        Assert(signo < PG_NSIG);
 
        if (func != SIG_IGN && func != SIG_DFL)
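Review bot: The added lower-bound check in pqsignal(), Assert(signo > 0), is not covered by the commit message, whose subject and body describe only the wrapper_handler() change and say pqsignal() "already performs a similar check". Since this hunk tightens that existing check as well, the message should mention it, for example by noting that both functions now also reject signal numbers that are zero or negative. Keeping the lower and upper bounds as two separate Assert() lines is fine, since a failure then identifies which bound was violated.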
-- 
2.39.5 (Apple Git-154)
