Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcd9d489

Browse files
committed
Don't read fields of a misaligned ExpandedObjectHeader or AnyArrayType.
UBSan complains about this. Instead, cast to a suitable type requiringonly 4-byte alignment. DatumGetAnyArrayP() already assumes one can castbetween AnyArrayType and ArrayType, so this doesn't introduce a newassumption. Back-patch to 9.5, where AnyArrayType was introduced.Reviewed by Tom Lane.Discussion:https://postgr.es/m/20190629210334.GA1244217@rfd.leadboat.com
1 parenta1637ca commitcd9d489

File tree

4 files changed

+17
-10
lines changed

4 files changed

+17
-10
lines changed

‎src/backend/utils/adt/arrayfuncs.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4108,7 +4108,7 @@ array_contain_compare(AnyArrayType *array1, AnyArrayType *array2, Oid collation,
41084108
nelems2=array2->xpn.nelems;
41094109
}
41104110
else
4111-
deconstruct_array(&(array2->flt),
4111+
deconstruct_array((ArrayType*)array2,
41124112
element_type,typlen,typbyval,typalign,
41134113
&values2,&nulls2,&nelems2);
41144114

‎src/include/utils/array.h

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -153,7 +153,10 @@ typedef struct ExpandedArrayHeader
153153

154154
/*
155155
* Functions that can handle either a "flat" varlena array or an expanded
156-
* array use this union to work with their input.
156+
* array use this union to work with their input. Don't refer to "flt";
157+
* instead, cast to ArrayType. This struct nominally requires 8-byte
158+
* alignment on 64-bit, but it's often used for an ArrayType having 4-byte
159+
* alignment. UBSan complains about referencing "flt" in such cases.
157160
*/
158161
typedefunionAnyArrayType
159162
{
@@ -307,17 +310,21 @@ typedef struct ArrayIteratorData *ArrayIterator;
307310
* Macros for working with AnyArrayType inputs. Beware multiple references!
308311
*/
309312
#defineAARR_NDIM(a) \
310-
(VARATT_IS_EXPANDED_HEADER(a) ? (a)->xpn.ndims : ARR_NDIM(&(a)->flt))
313+
(VARATT_IS_EXPANDED_HEADER(a) ? \
314+
(a)->xpn.ndims : ARR_NDIM((ArrayType *) (a)))
311315
#defineAARR_HASNULL(a) \
312316
(VARATT_IS_EXPANDED_HEADER(a) ? \
313317
((a)->xpn.dvalues != NULL ? (a)->xpn.dnulls != NULL : ARR_HASNULL((a)->xpn.fvalue)) : \
314-
ARR_HASNULL(&(a)->flt))
318+
ARR_HASNULL((ArrayType *) (a)))
315319
#defineAARR_ELEMTYPE(a) \
316-
(VARATT_IS_EXPANDED_HEADER(a) ? (a)->xpn.element_type : ARR_ELEMTYPE(&(a)->flt))
320+
(VARATT_IS_EXPANDED_HEADER(a) ? \
321+
(a)->xpn.element_type : ARR_ELEMTYPE((ArrayType *) (a)))
317322
#defineAARR_DIMS(a) \
318-
(VARATT_IS_EXPANDED_HEADER(a) ? (a)->xpn.dims : ARR_DIMS(&(a)->flt))
323+
(VARATT_IS_EXPANDED_HEADER(a) ? \
324+
(a)->xpn.dims : ARR_DIMS((ArrayType *) (a)))
319325
#defineAARR_LBOUND(a) \
320-
(VARATT_IS_EXPANDED_HEADER(a) ? (a)->xpn.lbound : ARR_LBOUND(&(a)->flt))
326+
(VARATT_IS_EXPANDED_HEADER(a) ? \
327+
(a)->xpn.lbound : ARR_LBOUND((ArrayType *) (a)))
321328

322329

323330
/*

‎src/include/utils/arrayaccess.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -71,8 +71,8 @@ array_iter_setup(array_iter *it, AnyArrayType *a)
7171
{
7272
it->datumptr=NULL;
7373
it->isnullptr=NULL;
74-
it->dataptr=ARR_DATA_PTR(&a->flt);
75-
it->bitmapptr=ARR_NULLBITMAP(&a->flt);
74+
it->dataptr=ARR_DATA_PTR((ArrayType*)a);
75+
it->bitmapptr=ARR_NULLBITMAP((ArrayType*)a);
7676
}
7777
it->bitmask=1;
7878
}

‎src/include/utils/expandeddatum.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@ struct ExpandedObjectHeader
126126
*/
127127
#defineEOH_HEADER_MAGIC (-1)
128128
#defineVARATT_IS_EXPANDED_HEADER(PTR) \
129-
(((ExpandedObjectHeader *) (PTR))->vl_len_ == EOH_HEADER_MAGIC)
129+
(((varattrib_4b *) (PTR))->va_4byte.va_header == EOH_HEADER_MAGIC)
130130

131131
/*
132132
* Generic support functions for expanded objects.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp