author: Michael Paquier <michael@paquier.xyz> 2023-10-03 15:37:24 +0900
committer: Michael Paquier <michael@paquier.xyz> 2023-10-03 15:37:24 +0900
commit: 9b3900cdb73418af42f5ca6aae821d51e57ca84e
tree: f4350857d51e2e960eeb8e727fe6630979c76039 /src
parent: 22b2e6e9df54f4d38e2fd20a882505d87c1f169f
Avoid memory size overflow when allocating backend activity buffer

The code in charge of copying the contents of PgBackendStatus to local memory could fail on memory allocation because of an overflow on the amount of memory to use. The overflow can happen when combining a high value track_activity_query_size (max at 1MB) with a large max_connections, when both multiplied get higher than INT32_MAX as both parameters are treated as signed integers. This could for example trigger with the following functions, all calling pgstat_read_current_status():
- pg_stat_get_backend_subxact()
- pg_stat_get_backend_idset()
- pg_stat_get_progress_info()
- pg_stat_get_activity()
- pg_stat_get_db_numbackends()

The change to use MemoryContextAllocHuge() has been introduced in 8d0ddccec636, so backpatch down to 12.

Author: Jakub Wartak
Discussion: https://postgr.es/m/CAKZiRmw8QSNVw2qNK-dznsatQqz+9DkCquxP0GHbbv1jMkGHMA@mail.gmail.com
Backpatch-through: 12
Diffstat (limited to 'src')
-rw-r--r-- src/backend/postmaster/pgstat.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/backend/postmaster/pgstat.c b/src/backend/postmaster/pgstat.c
index e03233ae7d0..6e47100d841 100644
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@@ -3394,7 +3394,8 @@ pgstat_read_current_status(void)
NAMEDATALEN * NumBackendStatSlots);
localactivity = (char *)
MemoryContextAllocHuge(pgStatLocalContext,
- pgstat_track_activity_query_size * NumBackendStatSlots);
+ (Size) pgstat_track_activity_query_size *
+ (Size) NumBackendStatSlots);
#ifdef USE_SSL
localsslstatus = (PgBackendSSLStatus *)
MemoryContextAlloc(pgStatLocalContext,
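Review bot: the context line just above the change, `NAMEDATALEN * NumBackendStatSlots);`, is still an uncast product of the same slot count, so it is worth confirming that it cannot exceed INT32_MAX for the largest permitted NumBackendStatSlots, or giving it the same `(Size)` cast so both size computations in this function are widened before multiplying. The new casts also carry no comment: a one-line note above `(Size) pgstat_track_activity_query_size *` saying that the product can exceed INT32_MAX when track_activity_query_size is at its 1MB maximum would keep a later cleanup from removing them as redundant. Casting one operand would be enough to widen the multiplication, but casting both as done here reads clearly and is fine to keep.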