Integer underflow in fprintf in dsa.c

2024-02-20 Thread Ильясов Ян
Hello hackers,

Using Svace* I think I've found a little bug in src/backend/utils/mmgr/dsa.c.
This bug is present in REL_12_STABLE, REL_13_STABLE, REL_14_STABLE,
REL_15_STABLE, REL_16_STABLE and master. I see that it was introduced together
with dynamic shared memory areas in the commit 
13df76a537cca3b8884911d8fdf7c89a457a8dd3.
I also see that at least two people have encountered this fprintf output.
(https://postgrespro.com/list/thread-id/2419512,
https://www.postgresql.org/message-id/15e9501170d.e4b5a3858707.3339083113985275726%40zohocorp.com)

fprintf(stderr,
   "segment bin %zu (at least %d contiguous pages free):\n",
   i, 1 << (i - 1));

In case i equals zero, the user will get "at least -2147483648 contiguous pages
free".
I believe that this is a mistake, and fprintf should print "at least 0
contiguous pages free"
in case i equals zero.

The patch that has a fix of this is attached.

* - https://svace.pages.ispras.ru/svace-website/en/

Kind regards,
Ian Ilyasov.

Junior Software Developer at Postgres Professional
Subject: [PATCH] Integer underflow fix in fprintf in dsa.c.
---
Index: src/backend/utils/mmgr/dsa.c
<+>UTF-8
===
diff --git a/src/backend/utils/mmgr/dsa.c b/src/backend/utils/mmgr/dsa.c
--- a/src/backend/utils/mmgr/dsa.c	(revision b78fa8547d02fc72ace679fb4d5289dccdbfc781)
+++ b/src/backend/utils/mmgr/dsa.c	(date 1708426298001)
@@ -1107,7 +1107,7 @@
 
 			fprintf(stderr,
 	"segment bin %zu (at least %d contiguous pages free):\n",
-	i, 1 << (i - 1));
+	i, i != 0 ? 1 << (i - 1) : 0);
 			segment_index = area->control->segment_bins[i];
 			while (segment_index != DSA_SEGMENT_INDEX_NONE)
 			{
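
Review bot: on the added line `i, i != 0 ? 1 << (i - 1) : 0);`, the guard is correct but the reason for it is not recorded anywhere. `i` is printed with %zu, so it is unsigned and `i - 1` wraps at zero; the shift count is then far larger than the width of int, which is undefined behaviour rather than a guaranteed -2147483648. A one-line comment saying that bin 0 is special-cased to avoid shifting by a wrapped count would keep the ternary from being "simplified" away later. Parenthesising the shift, `i != 0 ? (1 << (i - 1)) : 0`, would also make the precedence obvious, and the continuation lines should be indented to match the surrounding fprintf call.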

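The wrap-around reported in the message above, as an added example that is not part of the original post and is not PostgreSQL code: `i` is unsigned (it is printed with %zu), so at zero `i - 1` becomes SIZE_MAX and the shift is undefined behaviour in C. The helpers `bin_min_pages`, `format_bin_header` and `wrapped_shift_count` are hypothetical names, and reporting 0 for bin 0 follows the behaviour the post proposes.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: minimum number of contiguous free pages reported
 * for segment bin i. Returns 0 for bin 0 and -1 when 1 << (i - 1) would
 * not fit in an int. */
static int
bin_min_pages(size_t i)
{
	if (i == 0)
		return 0;		/* i - 1 would wrap to SIZE_MAX here */
	if (i - 1 >= sizeof(int) * CHAR_BIT - 1)
		return -1;		/* shifting into or past the sign bit is undefined */
	return 1 << (i - 1);
}

/* What the unguarded expression uses as its shift count. */
static size_t
wrapped_shift_count(size_t i)
{
	return i - 1;
}

/* Build the same header line as the fprintf quoted in the post. */
static int
format_bin_header(char *buf, size_t len, size_t i)
{
	int			pages = bin_min_pages(i);

	if (pages < 0)
		return snprintf(buf, len, "segment bin %zu (index out of range):\n", i);
	return snprintf(buf, len,
					"segment bin %zu (at least %d contiguous pages free):\n",
					i, pages);
}

int
main(void)
{
	char		buf[96];

	for (size_t i = 0; i < 4; i++)
	{
		format_bin_header(buf, sizeof buf, i);
		fputs(buf, stdout);
	}
	printf("unguarded shift count for i = 0: %zu\n", wrapped_shift_count(0));
	return 0;
}
```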

RE: Memory leak fix in rmtree.c

2024-02-06 Thread Ильясов Ян
I agree with your argument.
Thank you for your time.


Kind regards,
Ian Ilyasov

Junior Software Developer at Postgres Professional



RE: Memory leak fix in rmtree.c

2024-02-06 Thread Ильясов Ян
> dirnames isn't allocated at this point, it's palloc'd after this return
> statement on line 67.
>
> --
> Daniel Gustafsson

I am sorry, I pointed to the wrong branch. I see that in master
it is really on line 67, and the allocation goes well. But in
REL_16_STABLE the allocation is on line 58 and my patch is for this branch
only.

Kind regards,
Ian Ilyasov.






Memory leak fix in rmtree.c

2024-02-06 Thread Ильясов Ян
Hello hackers,

Just like some of my colleagues I've been using Svace*
and I think I've found a bug in src/common/rmtree.c.

On the 64th line the function returns false in case it couldn't open a directory,
but the memory that has been allocated for char** dirnames is
not freed.

The patch that has a fix of this is attached and is based on the latest
master code.

* - https://svace.pages.ispras.ru/svace-website/en/

Kind regards,
Ian Ilyasov.

Subject: [PATCH] Fixed memory leak in case we couldn't open a directory in rmtree.c.
---
Index: src/common/rmtree.c
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===
diff --git a/src/common/rmtree.c b/src/common/rmtree.c
--- a/src/common/rmtree.c	(revision 48a6bf5c4ea8e04cc9bb33a8120a21743da515ed)
+++ b/src/common/rmtree.c	(date 1707211004528)
@@ -61,6 +61,7 @@
 	if (dir == NULL)
 	{
 		pg_log_warning("could not open directory \"%s\": %m", path);
+pfree(dirnames);
 		return false;
 	}
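
Review bot: the added `pfree(dirnames);` in the `dir == NULL` branch frees a pointer whose allocation does not appear in this hunk, and the diff header shows the patch was generated against revision 48a6bf5c4ea8e04cc9bb33a8120a21743da515ed, which the cover message describes as the latest master. Per the replies in this thread, on master dirnames is palloc'd after this return statement, so applied there the call would pass an uninitialized pointer to pfree. If the leak exists only on REL_16_STABLE, the patch should be regenerated against that branch and say so in the subject; moving the allocation below the opendir check would remove the need for the pfree entirely. The added line also lacks the two tabs of indentation used by the rest of the block.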