mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-21 08:29:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Prevent shm_mq_send from reading uninitialized memory.

Browse Source 
shm_mq_send_bytes didn't invariably initialize *bytes_written before
returning, which would cause shm_mq_send to read from uninitialized
memory and add the value it found there to mqh->mqh_partial_bytes.
This could cause the next attempt to send a message via the queue to
fail an assertion (if the queue was detached) or copy data from a
garbage pointer value into the queue (if non-blocking mode was in use).
This commit is contained in:
Robert Haas 2014-07-24 09:19:50 -04:00
parent 250c26ba9c
commit 1144ea3421
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/backend/storage/ipc/shm_mq.c
View File

@ -676,7 +676,10 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
/* Bail out if the queue has been detached. */
if (detached)
{
*bytes_written = sent;
return SHM_MQ_DETACHED;
}
if (available == 0)
{
@ -691,12 +694,16 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
if (nowait)
{
if (shm_mq_get_receiver(mq) == NULL)
{
*bytes_written = sent;
return SHM_MQ_WOULD_BLOCK;
}
}
else if (!shm_mq_wait_internal(mq, &mq->mq_receiver,
mqh->mqh_handle))
{
mq->mq_detached = true;
*bytes_written = sent;
return SHM_MQ_DETACHED;
}
mqh->mqh_counterparty_attached = true;