mirror of
https://github.com/postgres/postgres.git
synced 2026-05-21 09:48:06 -04:00
cfb610eaa0
Sufficiently large "count" arguments could result in undetected overflow, causing the allocated memory chunk to be much smaller than what the caller will subsequently write into it. This is unlikely to be a hazard with 64-bit size_t but can sometimes happen on 32-bit builds, primarily where a function allocates workspace that's significantly larger than its input data. Rather than trying to patch the at-risk callers piecemeal, let's just redefine these macros so that they always check. To do that, move the longstanding add_size() and mul_size() functions into palloc.h and mcxt.c, and adjust them to not be specific to shared-memory allocation. Then invent palloc_mul(), palloc0_mul(), palloc_mul_extended() to use these functions. Actually, the latter use inlined copies to save one function call. repalloc_array() gets similar treatment. I didn't bother trying to inline the calls for repalloc0_array() though. In v14 and v15, this also adds repalloc_extended(), which previously was only available in v16 and up. We need copies of all this in fe_memutils.[hc] as well, since that module also provides palloc_array() etc. Reported-by: Xint Code Author: Tom Lane <tgl@sss.pgh.pa.us> Reviewed-by: Masahiko Sawada <sawada.mshk@gmail.com> Backpatch-through: 14 Security: CVE-2026-6473
89 lines
3.4 KiB
C
89 lines
3.4 KiB
C
/*
|
|
* fe_memutils.h
|
|
* memory management support for frontend code
|
|
*
|
|
* Copyright (c) 2003-2023, PostgreSQL Global Development Group
|
|
*
|
|
* src/include/common/fe_memutils.h
|
|
*/
|
|
#ifndef FE_MEMUTILS_H
|
|
#define FE_MEMUTILS_H
|
|
|
|
/*
|
|
* Flags for pg_malloc_extended and palloc_extended, deliberately named
|
|
* the same as the backend flags.
|
|
*/
|
|
#define MCXT_ALLOC_HUGE 0x01 /* allow huge allocation (> 1 GB) not
|
|
* actually used for frontends */
|
|
#define MCXT_ALLOC_NO_OOM 0x02 /* no failure if out-of-memory */
|
|
#define MCXT_ALLOC_ZERO 0x04 /* zero allocated memory */
|
|
|
|
/*
|
|
* "Safe" memory allocation functions --- these exit(1) on failure
|
|
* (except pg_malloc_extended with MCXT_ALLOC_NO_OOM)
|
|
*/
|
|
extern char *pg_strdup(const char *in);
|
|
extern void *pg_malloc(size_t size);
|
|
extern void *pg_malloc0(size_t size);
|
|
extern void *pg_malloc_extended(size_t size, int flags);
|
|
extern void *pg_realloc(void *ptr, size_t size);
|
|
extern void pg_free(void *ptr);
|
|
|
|
/*
|
|
* Support for safe calculation of memory request sizes
|
|
*/
|
|
extern Size add_size(Size s1, Size s2);
|
|
extern Size mul_size(Size s1, Size s2);
|
|
extern void *pg_malloc_mul(Size s1, Size s2);
|
|
extern void *pg_malloc0_mul(Size s1, Size s2);
|
|
extern void *pg_malloc_mul_extended(Size s1, Size s2, int flags);
|
|
extern void *pg_realloc_mul(void *p, Size s1, Size s2);
|
|
|
|
/*
|
|
* Variants with easier notation and more type safety
|
|
*/
|
|
|
|
/*
|
|
* Allocate space for one object of type "type"
|
|
*/
|
|
#define pg_malloc_object(type) ((type *) pg_malloc(sizeof(type)))
|
|
#define pg_malloc0_object(type) ((type *) pg_malloc0(sizeof(type)))
|
|
|
|
/*
|
|
* Allocate space for "count" objects of type "type"
|
|
*/
|
|
#define pg_malloc_array(type, count) ((type *) pg_malloc_mul(sizeof(type), count))
|
|
#define pg_malloc0_array(type, count) ((type *) pg_malloc0_mul(sizeof(type), count))
|
|
#define pg_malloc_array_extended(type, count, flags) ((type *) pg_malloc_mul_extended(sizeof(type), count, flags))
|
|
|
|
/*
|
|
* Change size of allocation pointed to by "pointer" to have space for "count"
|
|
* objects of type "type"
|
|
*/
|
|
#define pg_realloc_array(pointer, type, count) ((type *) pg_realloc_mul(pointer, sizeof(type), count))
|
|
|
|
/* Equivalent functions, deliberately named the same as backend functions */
|
|
extern char *pstrdup(const char *in);
|
|
extern char *pnstrdup(const char *in, Size size);
|
|
extern void *palloc(Size size);
|
|
extern void *palloc0(Size size);
|
|
extern void *palloc_extended(Size size, int flags);
|
|
extern void *repalloc(void *pointer, Size size);
|
|
extern void pfree(void *pointer);
|
|
extern void *palloc_mul(Size s1, Size s2);
|
|
extern void *palloc0_mul(Size s1, Size s2);
|
|
extern void *palloc_mul_extended(Size s1, Size s2, int flags);
|
|
extern void *repalloc_mul(void *p, Size s1, Size s2);
|
|
|
|
#define palloc_object(type) ((type *) palloc(sizeof(type)))
|
|
#define palloc0_object(type) ((type *) palloc0(sizeof(type)))
|
|
#define palloc_array(type, count) ((type *) palloc_mul(sizeof(type), count))
|
|
#define palloc0_array(type, count) ((type *) palloc0_mul(sizeof(type), count))
|
|
#define palloc_array_extended(type, count, flags) ((type *) palloc_mul_extended(sizeof(type), count, flags))
|
|
#define repalloc_array(pointer, type, count) ((type *) repalloc_mul(pointer, sizeof(type), count))
|
|
|
|
/* sprintf into a palloc'd buffer --- these are in psprintf.c */
|
|
extern char *psprintf(const char *fmt,...) pg_attribute_printf(1, 2);
|
|
extern size_t pvsnprintf(char *buf, size_t len, const char *fmt, va_list args) pg_attribute_printf(3, 0);
|
|
|
|
#endif /* FE_MEMUTILS_H */
|