Commit 9b3900c

Avoid memory size overflow when allocating backend activity buffer
The code in charge of copying the contents of PgBackendStatus to local memory could fail on memory allocation because of an overflow on the amount of memory to use. The overflow can happen when combining a high value track_activity_query_size (max at 1MB) with a large max_connections, when both multiplied get higher than INT32_MAX as both parameters are treated as signed integers.

This could for example trigger with the following functions, all calling pgstat_read_current_status():
- pg_stat_get_backend_subxact()
- pg_stat_get_backend_idset()
- pg_stat_get_progress_info()
- pg_stat_get_activity()
- pg_stat_get_db_numbackends()

The change to use MemoryContextAllocHuge() has been introduced in 8d0ddcc, so backpatch down to 12.

Author: Jakub Wartak
Discussion: https://postgr.es/m/CAKZiRmw8QSNVw2qNK-dznsatQqz+9DkCquxP0GHbbv1jMkGHMA@mail.gmail.com
Backpatch-through: 12
1 parent 22b2e6e commit 9b3900c

1 file changed

+2
-1
lines changed

src/backend/postmaster/pgstat.c

Lines changed: 2 additions & 1 deletion
@@ -3394,7 +3394,8 @@ pgstat_read_current_status(void)
33943394
NAMEDATALEN * NumBackendStatSlots);
33953395
localactivity = (char *)
33963396
MemoryContextAllocHuge(pgStatLocalContext,
3397-
pgstat_track_activity_query_size * NumBackendStatSlots);
3397+
(Size) pgstat_track_activity_query_size *
3398+
(Size) NumBackendStatSlots);
33983399
#ifdef USE_SSL
33993400
localsslstatus = (PgBackendSSLStatus *)
34003401
MemoryContextAlloc(pgStatLocalContext,
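
Review bot: the two (Size) casts on new lines 3397-3398 are the whole fix, since they move the multiplication out of int arithmetic, but nothing in the code says so and a later cleanup could drop them as redundant. A one-line comment above the MemoryContextAllocHuge() call stating that the product of these two values can exceed INT32_MAX would protect the change. The context line just above, `NAMEDATALEN * NumBackendStatSlots);`, still multiplies in int; if that product is known to stay in range, noting it there (or applying the same casts for consistency) would make the difference between the two allocations visibly deliberate.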
