a potential size overflow issue

Fri, 25 Sep 2020 16:39:33 -0700 

Hi hackers,
"InitBufTable" is the function used to initialize the buffer lookup table for buffer manager. With the memory size increasing nowadays, there is a potential overflow issue for the parameter "int size" used by "InitBufTable". This function is invoked in freelist.c as below: 
    InitBufTable(NBuffers + NUM_BUFFER_PARTITIONS);
The number of buffer block “NBuffers” is also defined as "int", and "NUM_BUFFER_PARTITIONS" has a default value 128. In theory, it may get the chance to overflow the "size" parameter in "InitBufTable". The "size" parameter is later used by "ShmemInitHash" as "init_size" and "max_size", which are all defined as "long". 

    SharedBufHash = ShmemInitHash("Shared Buffer Lookup Table",
                                  size, size,
                                  &info,
                                  HASH_ELEM | HASH_BLOBS | HASH_PARTITION);
Therefore, it would be better to change "InitBufTable(int size)" to "InitBufTable(long size)". 

A simple patch is attached and it passed the “make installcheck-world” test.

--

David

Software Engineer
Highgo Software Inc. (Canada)
www.highgo.ca

From 7df445121d3cf2aa7c0c22c831a8a920bc818d6e Mon Sep 17 00:00:00 2001
From: David Zhang <idraw...@gmail.com>
Date: Fri, 25 Sep 2020 15:39:24 -0700
Subject: [PATCH] fix a potential overflow issue for InitBufTable

---
 src/backend/storage/buffer/buf_table.c | 2 +-
 src/include/storage/buf_internals.h    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/backend/storage/buffer/buf_table.c 
b/src/backend/storage/buffer/buf_table.c
index 4953ae9f82..d4f58c1ce0 100644
--- a/src/backend/storage/buffer/buf_table.c
+++ b/src/backend/storage/buffer/buf_table.c
@@ -49,7 +49,7 @@ BufTableShmemSize(int size)
  *             size is the desired hash table size (possibly more than 
NBuffers)
  */
 void
-InitBufTable(int size)
+InitBufTable(long size)
 {
        HASHCTL         info;
 
diff --git a/src/include/storage/buf_internals.h 
b/src/include/storage/buf_internals.h
index 3377fa5676..25e1db6854 100644
--- a/src/include/storage/buf_internals.h
+++ b/src/include/storage/buf_internals.h
@@ -320,7 +320,7 @@ extern bool have_free_buffer(void);
 
 /* buf_table.c */
 extern Size BufTableShmemSize(int size);
-extern void InitBufTable(int size);
+extern void InitBufTable(long size);
 extern uint32 BufTableHashCode(BufferTag *tagPtr);
 extern int     BufTableLookup(BufferTag *tagPtr, uint32 hashcode);
 extern int     BufTableInsert(BufferTag *tagPtr, uint32 hashcode, int buf_id);
-- 
2.21.1 (Apple Git-122.3)

Reply via email to