NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit1a027e6

committed

Clean up assorted failures under clang's -fsanitize=undefined checks.

Most of these are cases where we could call memcpy() or other libcfunctions with a NULL pointer and a zero count, which is forbiddenby POSIX even though every production version of libc allows it.We've fixed such things before in a piecemeal way, but apparentlynever made an effort to try to get them all. I don't claim thatthis patch does so either, but it gets every failure I observe incheck-world, using clang 12.0.1 on current RHEL8.numeric.c has a different issue that the sanitizer doesn't like:"ln(-1.0)" will compute log10(0) and then try to assign theresulting -Inf to an integer variable. We don't actually use theresult in such a case, so there's no live bug.Back-patch to all supported branches, with the idea that we mightstart running a buildfarm member that tests this case. This includesback-patchingc1132aa (Check the size in COPY_POINTER_FIELD),which previously silenced some of these issues in copyfuncs.c.Discussion:https://postgr.es/m/CALNJ-vT9r0DSsAOw9OXVJFxLENoVS_68kJ5x0p44atoYH+H4dg@mail.gmail.com

1 parent6599d8f commit1a027e6Copy full SHA for 1a027e6

File tree

10 files changed

+52

-48

lines changed

contrib/pgcrypto
- px.c
src
- backend
  - access
    - heap
      - heapam.c
      - heapam_visibility.c
    - transam
      - clog.c
      - xact.c
  - nodes
    - copyfuncs.c
  - storage/ipc
    - shm_mq.c
  - utils
    - adt
      - numeric.c
    - time
      - snapmgr.c
- fe_utils
  - print.c

10 files changed

+52

-48

lines changed

`‎contrib/pgcrypto/px.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -200,7 +200,7 @@ combo_init(PX_Combo cx, const uint8 key, unsigned klen,`
`200`	`200`	`memset(ivbuf,0,ivs);`
`201`	`201`	`if (ivlen>ivs)`
`202`	`202`	`memcpy(ivbuf,iv,ivs);`
`203`		`-else`
	`203`	`+elseif (ivlen>0)`
`204`	`204`	`memcpy(ivbuf,iv,ivlen);`
`205`	`205`	`}`
`206`	`206`

`‎src/backend/access/heap/heapam.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -309,7 +309,7 @@ initscan(HeapScanDesc scan, ScanKey key, bool keep_startblock)`
`309`	`309`	`/*`
`310`	`310`	`* copy the scan key, if appropriate`
`311`	`311`	`*/`
`312`		`-if (key!=NULL)`
	`312`	`+if (key!=NULL&&scan->rs_base.rs_nkeys>0)`
`313`	`313`	`memcpy(scan->rs_base.rs_key,key,scan->rs_base.rs_nkeys*sizeof(ScanKeyData));`
`314`	`314`
`315`	`315`	`/*`

`‎src/backend/access/heap/heapam_visibility.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1520,8 +1520,8 @@ HeapTupleHeaderIsOnlyLocked(HeapTupleHeader tuple)`
`1520`	`1520`	`staticbool`
`1521`	`1521`	`TransactionIdInArray(TransactionIdxid,TransactionId*xip,Sizenum)`
`1522`	`1522`	`{`
`1523`		`-returnbsearch(&xid,xip,num,`
`1524`		`-sizeof(TransactionId),xidComparator)!=NULL;`
	`1523`	`+returnnum>0&&`
	`1524`	`+bsearch(&xid,xip,num,sizeof(TransactionId),xidComparator)!=NULL;`
`1525`	`1525`	`}`
`1526`	`1526`
`1527`	`1527`	`/*`

`‎src/backend/access/transam/clog.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -296,8 +296,9 @@ TransactionIdSetPageStatus(TransactionId xid, int nsubxids,`
`296`	`296`	`if (all_xact_same_page&&xid==MyPgXact->xid&&`
`297`	`297`	`nsubxids <=THRESHOLD_SUBTRANS_CLOG_OPT&&`
`298`	`298`	`nsubxids==MyPgXact->nxids&&`
`299`		`-memcmp(subxids,MyProc->subxids.xids,`
`300`		`-nsubxids*sizeof(TransactionId))==0)`
	`299`	`+(nsubxids==0\|\|`
	`300`	`+memcmp(subxids,MyProc->subxids.xids,`
	`301`	`+nsubxids*sizeof(TransactionId))==0))`
`301`	`302`	`{`
`302`	`303`	`/*`
`303`	`304`	`* If we can immediately acquire XactSLRULock, we update the status of`

`‎src/backend/access/transam/xact.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5282,8 +5282,9 @@ SerializeTransactionState(Size maxsize, char *start_address)`
`5282`	`5282`	`{`
`5283`	`5283`	`if (FullTransactionIdIsValid(s->fullTransactionId))`
`5284`	`5284`	`workspace[i++]=XidFromFullTransactionId(s->fullTransactionId);`
`5285`		`-memcpy(&workspace[i],s->childXids,`
`5286`		`-s->nChildXids*sizeof(TransactionId));`
	`5285`	`+if (s->nChildXids>0)`
	`5286`	`+memcpy(&workspace[i],s->childXids,`
	`5287`	`+s->nChildXids*sizeof(TransactionId));`
`5287`	`5288`	`i+=s->nChildXids;`
`5288`	`5289`	`}`
`5289`	`5290`	`Assert(i==nxids);`

`‎src/backend/nodes/copyfuncs.c`

Lines changed: 21 additions & 33 deletions

Original file line number	Diff line number	Diff line change
`@@ -57,8 +57,11 @@`
`57`	`57`	`#defineCOPY_POINTER_FIELD(fldname,sz) \`
`58`	`58`	`do { \`
`59`	`59`	`Size_size = (sz); \`
`60`		`-newnode->fldname = palloc(_size); \`
`61`		`-memcpy(newnode->fldname, from->fldname, _size); \`
	`60`	`+if (_size > 0) \`
	`61`	`+{ \`
	`62`	`+newnode->fldname = palloc(_size); \`
	`63`	`+memcpy(newnode->fldname, from->fldname, _size); \`
	`64`	`+} \`
`62`	`65`	`} while (0)`
`63`	`66`
`64`	`67`	`/* Copy a parse location field (for Copy, this is same as scalar case) */`
`@@ -296,12 +299,9 @@ _copyRecursiveUnion(const RecursiveUnion *from)`
`296`	`299`	`*/`
`297`	`300`	`COPY_SCALAR_FIELD(wtParam);`
`298`	`301`	`COPY_SCALAR_FIELD(numCols);`
`299`		`-if (from->numCols>0)`
`300`		`-{`
`301`		`-COPY_POINTER_FIELD(dupColIdx,from->numCols*sizeof(AttrNumber));`
`302`		`-COPY_POINTER_FIELD(dupOperators,from->numCols*sizeof(Oid));`
`303`		`-COPY_POINTER_FIELD(dupCollations,from->numCols*sizeof(Oid));`
`304`		`-}`
	`302`	`+COPY_POINTER_FIELD(dupColIdx,from->numCols*sizeof(AttrNumber));`
	`303`	`+COPY_POINTER_FIELD(dupOperators,from->numCols*sizeof(Oid));`
	`304`	`+COPY_POINTER_FIELD(dupCollations,from->numCols*sizeof(Oid));`
`305`	`305`	`COPY_SCALAR_FIELD(numGroups);`
`306`	`306`
`307`	`307`	`returnnewnode;`
`@@ -875,13 +875,10 @@ _copyMergeJoin(const MergeJoin *from)`
`875`	`875`	`COPY_SCALAR_FIELD(skip_mark_restore);`
`876`	`876`	`COPY_NODE_FIELD(mergeclauses);`
`877`	`877`	`numCols=list_length(from->mergeclauses);`
`878`		`-if (numCols>0)`
`879`		`-{`
`880`		`-COPY_POINTER_FIELD(mergeFamilies,numCols*sizeof(Oid));`
`881`		`-COPY_POINTER_FIELD(mergeCollations,numCols*sizeof(Oid));`
`882`		`-COPY_POINTER_FIELD(mergeStrategies,numCols*sizeof(int));`
`883`		`-COPY_POINTER_FIELD(mergeNullsFirst,numCols*sizeof(bool));`
`884`		`-}`
	`878`	`+COPY_POINTER_FIELD(mergeFamilies,numCols*sizeof(Oid));`
	`879`	`+COPY_POINTER_FIELD(mergeCollations,numCols*sizeof(Oid));`
	`880`	`+COPY_POINTER_FIELD(mergeStrategies,numCols*sizeof(int));`
	`881`	`+COPY_POINTER_FIELD(mergeNullsFirst,numCols*sizeof(bool));`
`885`	`882`
`886`	`883`	`returnnewnode;`
`887`	`884`	`}`
`@@ -1016,12 +1013,9 @@ _copyAgg(const Agg *from)`
`1016`	`1013`	`COPY_SCALAR_FIELD(aggstrategy);`
`1017`	`1014`	`COPY_SCALAR_FIELD(aggsplit);`
`1018`	`1015`	`COPY_SCALAR_FIELD(numCols);`
`1019`		`-if (from->numCols>0)`
`1020`		`-{`
`1021`		`-COPY_POINTER_FIELD(grpColIdx,from->numCols*sizeof(AttrNumber));`
`1022`		`-COPY_POINTER_FIELD(grpOperators,from->numCols*sizeof(Oid));`
`1023`		`-COPY_POINTER_FIELD(grpCollations,from->numCols*sizeof(Oid));`
`1024`		`-}`
	`1016`	`+COPY_POINTER_FIELD(grpColIdx,from->numCols*sizeof(AttrNumber));`
	`1017`	`+COPY_POINTER_FIELD(grpOperators,from->numCols*sizeof(Oid));`
	`1018`	`+COPY_POINTER_FIELD(grpCollations,from->numCols*sizeof(Oid));`
`1025`	`1019`	`COPY_SCALAR_FIELD(numGroups);`
`1026`	`1020`	`COPY_SCALAR_FIELD(transitionSpace);`
`1027`	`1021`	`COPY_BITMAPSET_FIELD(aggParams);`
`@@ -1043,19 +1037,13 @@ _copyWindowAgg(const WindowAgg *from)`
`1043`	`1037`
`1044`	`1038`	`COPY_SCALAR_FIELD(winref);`
`1045`	`1039`	`COPY_SCALAR_FIELD(partNumCols);`
`1046`		`-if (from->partNumCols>0)`
`1047`		`-{`
`1048`		`-COPY_POINTER_FIELD(partColIdx,from->partNumCols*sizeof(AttrNumber));`
`1049`		`-COPY_POINTER_FIELD(partOperators,from->partNumCols*sizeof(Oid));`
`1050`		`-COPY_POINTER_FIELD(partCollations,from->partNumCols*sizeof(Oid));`
`1051`		`-}`
	`1040`	`+COPY_POINTER_FIELD(partColIdx,from->partNumCols*sizeof(AttrNumber));`
	`1041`	`+COPY_POINTER_FIELD(partOperators,from->partNumCols*sizeof(Oid));`
	`1042`	`+COPY_POINTER_FIELD(partCollations,from->partNumCols*sizeof(Oid));`
`1052`	`1043`	`COPY_SCALAR_FIELD(ordNumCols);`
`1053`		`-if (from->ordNumCols>0)`
`1054`		`-{`
`1055`		`-COPY_POINTER_FIELD(ordColIdx,from->ordNumCols*sizeof(AttrNumber));`
`1056`		`-COPY_POINTER_FIELD(ordOperators,from->ordNumCols*sizeof(Oid));`
`1057`		`-COPY_POINTER_FIELD(ordCollations,from->ordNumCols*sizeof(Oid));`
`1058`		`-}`
	`1044`	`+COPY_POINTER_FIELD(ordColIdx,from->ordNumCols*sizeof(AttrNumber));`
	`1045`	`+COPY_POINTER_FIELD(ordOperators,from->ordNumCols*sizeof(Oid));`
	`1046`	`+COPY_POINTER_FIELD(ordCollations,from->ordNumCols*sizeof(Oid));`
`1059`	`1047`	`COPY_SCALAR_FIELD(frameOptions);`
`1060`	`1048`	`COPY_NODE_FIELD(startOffset);`
`1061`	`1049`	`COPY_NODE_FIELD(endOffset);`

`‎src/backend/storage/ipc/shm_mq.c`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -748,8 +748,11 @@ shm_mq_receive(shm_mq_handle mqh, Size nbytesp, void **datap, bool nowait)`
`748`	`748`
`749`	`749`	`/* Copy as much as we can. */`
`750`	`750`	`Assert(mqh->mqh_partial_bytes+rb <=nbytes);`
`751`		`-memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes],rawdata,rb);`
`752`		`-mqh->mqh_partial_bytes+=rb;`
	`751`	`+if (rb>0)`
	`752`	`+{`
	`753`	`+memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes],rawdata,rb);`
	`754`	`+mqh->mqh_partial_bytes+=rb;`
	`755`	`+}`
`753`	`756`
`754`	`757`	`/*`
`755`	`758`	`* Update count of bytes that can be consumed, accounting for`

`‎src/backend/utils/adt/numeric.c`

Lines changed: 8 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -8886,12 +8886,20 @@ exp_var(const NumericVar arg, NumericVar result, int rscale)`
`8886`	`8886`	`*`
`8887`	`8887`	`* Essentially, we're approximating log10(abs(ln(var))). This is used to`
`8888`	`8888`	`* determine the appropriate rscale when computing natural logarithms.`
	`8889`	`+ *`
	`8890`	`+ * Note: many callers call this before range-checking the input. Therefore,`
	`8891`	`+ * we must be robust against values that are invalid to apply ln() to.`
	`8892`	`+ * We don't wish to throw an error here, so just return zero in such cases.`
`8889`	`8893`	`*/`
`8890`	`8894`	`staticint`
`8891`	`8895`	`estimate_ln_dweight(constNumericVar*var)`
`8892`	`8896`	`{`
`8893`	`8897`	`intln_dweight;`
`8894`	`8898`
	`8899`	`+/* Caller should fail on ln(negative), but for the moment return zero */`
	`8900`	`+if (var->sign!=NUMERIC_POS)`
	`8901`	`+return0;`
	`8902`	`+`
`8895`	`8903`	`if (cmp_var(var,&const_zero_point_nine) >=0&&`
`8896`	`8904`	`cmp_var(var,&const_one_point_one) <=0)`
`8897`	`8905`	`{`

`‎src/backend/utils/time/snapmgr.c`

Lines changed: 6 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -594,12 +594,14 @@ SetTransactionSnapshot(Snapshot sourcesnap, VirtualTransactionId *sourcevxid,`
`594`	`594`	`CurrentSnapshot->xmax=sourcesnap->xmax;`
`595`	`595`	`CurrentSnapshot->xcnt=sourcesnap->xcnt;`
`596`	`596`	`Assert(sourcesnap->xcnt <=GetMaxSnapshotXidCount());`
`597`		`-memcpy(CurrentSnapshot->xip,sourcesnap->xip,`
`598`		`-sourcesnap->xcnt*sizeof(TransactionId));`
	`597`	`+if (sourcesnap->xcnt>0)`
	`598`	`+memcpy(CurrentSnapshot->xip,sourcesnap->xip,`
	`599`	`+sourcesnap->xcnt*sizeof(TransactionId));`
`599`	`600`	`CurrentSnapshot->subxcnt=sourcesnap->subxcnt;`
`600`	`601`	`Assert(sourcesnap->subxcnt <=GetMaxSnapshotSubxidCount());`
`601`		`-memcpy(CurrentSnapshot->subxip,sourcesnap->subxip,`
`602`		`-sourcesnap->subxcnt*sizeof(TransactionId));`
	`602`	`+if (sourcesnap->subxcnt>0)`
	`603`	`+memcpy(CurrentSnapshot->subxip,sourcesnap->subxip,`
	`604`	`+sourcesnap->subxcnt*sizeof(TransactionId));`
`603`	`605`	`CurrentSnapshot->suboverflowed=sourcesnap->suboverflowed;`
`604`	`606`	`CurrentSnapshot->takenDuringRecovery=sourcesnap->takenDuringRecovery;`
`605`	`607`	`/* NB: curcid should NOT be copied, it's a local matter */`

`‎src/fe_utils/print.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -910,7 +910,8 @@ print_aligned_text(const printTableContent cont, FILE fout, bool is_pager)`
`910`	`910`
`911`	`911`	`more_col_wrapping=col_count;`
`912`	`912`	`curr_nl_line=0;`
`913`		`-memset(header_done, false,col_count*sizeof(bool));`
	`913`	`+if (col_count>0)`
	`914`	`+memset(header_done, false,col_count*sizeof(bool));`
`914`	`915`	`while (more_col_wrapping)`
`915`	`916`	`{`
`916`	`917`	`if (opt_border==2)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1a027e6

File tree

10 files changed

10 files changed

`‎contrib/pgcrypto/px.c`

`‎src/backend/access/heap/heapam.c`

`‎src/backend/access/heap/heapam_visibility.c`

`‎src/backend/access/transam/clog.c`

`‎src/backend/access/transam/xact.c`

`‎src/backend/nodes/copyfuncs.c`

`‎src/backend/storage/ipc/shm_mq.c`

`‎src/backend/utils/adt/numeric.c`

`‎src/backend/utils/time/snapmgr.c`

`‎src/fe_utils/print.c`

0 commit comments