From de3633d21e6b879176b3e57ffc377db9aa3edc3f Mon Sep 17 00:00:00 2001 From: "Anton A. Melnikov" Date: Tue, 12 Sep 2023 08:14:07 +0300 Subject: [PATCH 1/4] Fix sanitizer aligment errors with memcpy. --- src/backend/utils/adt/agtype_ext.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/backend/utils/adt/agtype_ext.c b/src/backend/utils/adt/agtype_ext.c index 86dd647d3..41f0e6793 100644 --- a/src/backend/utils/adt/agtype_ext.c +++ b/src/backend/utils/adt/agtype_ext.c @@ -59,7 +59,7 @@ bool ag_serialize_extended_type(StringInfo buffer, agtentry *agtentry, /* copy in the int_value data */ numlen = sizeof(int64); offset = reserve_from_buffer(buffer, numlen); - *((int64 *)(buffer->data + offset)) = scalar_val->val.int_value; + memcpy( buffer->data + offset, &scalar_val->val.int_value, numlen); *agtentry = AGTENTRY_IS_AGTYPE | (padlen + numlen + AGT_HEADER_SIZE); break; @@ -70,7 +70,7 @@ bool ag_serialize_extended_type(StringInfo buffer, agtentry *agtentry, /* copy in the float_value data */ numlen = sizeof(scalar_val->val.float_value); offset = reserve_from_buffer(buffer, numlen); - *((float8 *)(buffer->data + offset)) = scalar_val->val.float_value; + memcpy(buffer->data + offset, &scalar_val->val.int_value, numlen); *agtentry = AGTENTRY_IS_AGTYPE | (padlen + numlen + AGT_HEADER_SIZE); break; @@ -156,12 +156,12 @@ void ag_deserialize_extended_type(char *base_addr, uint32 offset, { case AGT_HEADER_INTEGER: result->type = AGTV_INTEGER; - result->val.int_value = *((int64 *)(base + AGT_HEADER_SIZE)); + memcpy(&result->val.int_value, base + AGT_HEADER_SIZE, sizeof(int64)); break; case AGT_HEADER_FLOAT: result->type = AGTV_FLOAT; - result->val.float_value = *((float8 *)(base + AGT_HEADER_SIZE)); + memcpy(&result->val.float_value, base + AGT_HEADER_SIZE, sizeof(float8)); break; case AGT_HEADER_VERTEX: From 3afbad612251b3e95db1ea0b8daac9344754c2c3 Mon Sep 17 00:00:00 2001 
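Review bot: In the float branch of ag_serialize_extended_type (hunk -70,7) the new memcpy reads from `&scalar_val->val.int_value`, although numlen was taken from `sizeof(scalar_val->val.float_value)`. The source should be the float member: `memcpy(buffer->data + offset, &scalar_val->val.float_value, numlen);`. If `val` is a union the two members share an address and the bytes written happen to be correct, but the declaration is not visible here, and the line would serialize the wrong field if the layout ever changes. The integer hunk above it (-59,7) also has a stray space in `memcpy( buffer->data`. The function body continues outside both hunks.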
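Review bot: The two copies in ag_deserialize_extended_type (hunk -156,12) take their length from `sizeof(int64)` and `sizeof(float8)` rather than from the destination, so length and target can drift apart. `memcpy(&result->val.int_value, base + AGT_HEADER_SIZE, sizeof(result->val.int_value));`, and likewise for `float_value`, ties them together and matches how the float serializer derives numlen. Nothing in the hunk shows that the buffer holds AGT_HEADER_SIZE plus eight bytes past `base`. The function starts outside the hunk, so this may be established earlier, but because this path reads serialized data a one-line comment saying where that length is guaranteed would help.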
From: "Anton A. Melnikov" Date: Wed, 13 Sep 2023 23:48:02 +0300 Subject: [PATCH 2/4] Fix sanitizer "invalid values for type '_Bool' " errors with palloc0. --- src/backend/executor/cypher_set.c | 2 +- src/backend/utils/adt/agtype.c | 2 +- src/backend/utils/adt/agtype_ext.c | 2 +- src/backend/utils/adt/agtype_util.c | 12 ++++++------ 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/backend/executor/cypher_set.c b/src/backend/executor/cypher_set.c index 4f941bf59..4919073d4 100644 --- a/src/backend/executor/cypher_set.c +++ b/src/backend/executor/cypher_set.c @@ -255,7 +255,7 @@ static agtype_value *replace_entity_in_path(agtype_value *path, agtype *prop_agtype; int i; - r = palloc(sizeof(agtype_value)); + r = palloc0(sizeof(agtype_value)); prop_agtype = agtype_value_to_agtype(path); it = agtype_iterator_init(&prop_agtype->root); diff --git a/src/backend/utils/adt/agtype.c b/src/backend/utils/adt/agtype.c index 2f93983e3..2170398cb 100644 --- a/src/backend/utils/adt/agtype.c +++ b/src/backend/utils/adt/agtype.c @@ -9043,7 +9043,7 @@ agtype_value *agtype_composite_to_agtype_value_binary(agtype *a) errmsg("cannot convert agtype scalar objects to binary agtype_value objects"))); } - result = palloc(sizeof(agtype_value)); + result = palloc0(sizeof(agtype_value)); // convert the agtype to a binary agtype_value result->type = AGTV_BINARY; diff --git a/src/backend/utils/adt/agtype_ext.c b/src/backend/utils/adt/agtype_ext.c index 41f0e6793..c16efaa79 100644 --- a/src/backend/utils/adt/agtype_ext.c +++ b/src/backend/utils/adt/agtype_ext.c @@ -195,7 +195,7 @@ static void ag_deserialize_composite(char *base, enum agtype_value_type type, //offset container by the extended type header char *container_base = base + AGT_HEADER_SIZE; - r = palloc(sizeof(agtype_value)); + r = palloc0(sizeof(agtype_value)); it = agtype_iterator_init((agtype_container *)container_base); while ((tok = agtype_iterator_next(&it, r, true)) != WAGT_DONE) 
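Review bot: The switch to `palloc0` in replace_entity_in_path (cypher_set.c, hunk -255,7) silences the '_Bool' report without recording which member was read before it was written. The same applies to the palloc0 hunks in agtype.c (-9043), agtype_ext.c (-195) and agtype_util.c (-460, -554, -784, -1306). In the agtype_ext.c hunk the buffer goes straight to `agtype_iterator_next(&it, r, true)`, which presumably leaves some members unset for certain tokens. A comment at each site, for example `/* zeroed: agtype_iterator_next() does not fill every member of r */`, would stop a later cleanup from reverting to palloc. The enclosing functions extend beyond the hunks, so the member that is actually read uninitialized cannot be named from here.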
diff --git a/src/backend/utils/adt/agtype_util.c b/src/backend/utils/adt/agtype_util.c index 107d2d0df..7b7f14480 100644 --- a/src/backend/utils/adt/agtype_util.c +++ b/src/backend/utils/adt/agtype_util.c @@ -460,7 +460,7 @@ agtype_value *find_agtype_value_from_container(agtype_container *container, return NULL; } - result = palloc(sizeof(agtype_value)); + result = palloc0(sizeof(agtype_value)); if ((flags & AGT_FARRAY) && AGTYPE_CONTAINER_IS_ARRAY(container)) { @@ -554,7 +554,7 @@ agtype_value *get_ith_agtype_value_from_container(agtype_container *container, if (i >= nelements) return NULL; - result = palloc(sizeof(agtype_value)); + result = palloc0(sizeof(agtype_value)); fill_agtype_value(container, i, base_addr, get_agtype_offset(container, i), result); @@ -716,7 +716,7 @@ static agtype_value *push_agtype_value_scalar(agtype_parse_state **pstate, (*pstate)->size = 4; } (*pstate)->cont_val.val.array.elems = - palloc(sizeof(agtype_value) * (*pstate)->size); + palloc0(sizeof(agtype_value) * (*pstate)->size); (*pstate)->last_updated_value = NULL; break; case WAGT_BEGIN_OBJECT: @@ -727,7 +727,7 @@ static agtype_value *push_agtype_value_scalar(agtype_parse_state **pstate, (*pstate)->cont_val.val.object.num_pairs = 0; (*pstate)->size = 4; (*pstate)->cont_val.val.object.pairs = - palloc(sizeof(agtype_pair) * (*pstate)->size); + palloc0(sizeof(agtype_pair) * (*pstate)->size); (*pstate)->last_updated_value = NULL; break; case WAGT_KEY: @@ -784,7 +784,7 @@ static agtype_value *push_agtype_value_scalar(agtype_parse_state **pstate, */ static agtype_parse_state *push_state(agtype_parse_state **pstate) { - agtype_parse_state *ns = palloc(sizeof(agtype_parse_state)); + agtype_parse_state *ns = palloc0(sizeof(agtype_parse_state)); ns->next = *pstate; return ns; 
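Review bot: Zeroing only the initial allocation of `cont_val.val.array.elems` (hunk -716,7) and `cont_val.val.object.pairs` (hunk -727,7) in push_agtype_value_scalar leaves the growth path uncovered. Both containers start at `size = 4`, so anything larger must be enlarged by code outside these hunks, and if that code uses `repalloc` the added tail is uninitialized again and the same sanitizer report can return on bigger inputs. If so, the grow site needs the matching fix, along the lines of `memset(elems + old_size, 0, sizeof(agtype_value) * (new_size - old_size));`, where the names are placeholders because that code is not shown. A comment at these two allocations noting that the grow path must also zero would keep the two in step.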
@@ -1306,7 +1306,7 @@ bool agtype_deep_contains(agtype_iterator **val, agtype_iterator **m_contained) uint32 j = 0; /* Make room for all possible values */ - lhs_conts = palloc(sizeof(agtype_value) * num_lhs_elems); + lhs_conts = palloc0(sizeof(agtype_value) * num_lhs_elems); for (i = 0; i < num_lhs_elems; i++) { From 2840ce1fdbd2027a9a83ffa06334c703fc7e6e24 Mon Sep 17 00:00:00 2001 From: "Anton A. Melnikov" Date: Thu, 14 Sep 2023 10:06:15 +0300 Subject: [PATCH 3/4] Fix sanitizer heap-buffer-overflow errors during csv files parsing. --- src/backend/utils/load/ag_load_edges.c | 2 +- src/backend/utils/load/ag_load_labels.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/utils/load/ag_load_edges.c b/src/backend/utils/load/ag_load_edges.c index 5a07c4035..4d6c516d5 100644 --- a/src/backend/utils/load/ag_load_edges.c +++ b/src/backend/utils/load/ag_load_edges.c @@ -160,7 +160,7 @@ int create_edges_from_csv_file(char *file_path, struct csv_parser p; char buf[1024]; size_t bytes_read; - unsigned char options = 0; + unsigned char options = CSV_APPEND_NULL; csv_edge_reader cr; if (csv_init(&p, options) != 0) diff --git a/src/backend/utils/load/ag_load_labels.c b/src/backend/utils/load/ag_load_labels.c index 2f60b30e9..ce0bd4aec 100644 --- a/src/backend/utils/load/ag_load_labels.c +++ b/src/backend/utils/load/ag_load_labels.c @@ -194,7 +194,7 @@ int create_labels_from_csv_file(char *file_path, struct csv_parser p; char buf[1024]; size_t bytes_read; - unsigned char options = 0; + unsigned char options = CSV_APPEND_NULL; csv_vertex_reader cr; if (csv_init(&p, options) != 0) From 71f445a61d604f4ca8a2bc5f364f4c0077e09ac5 Mon Sep 17 00:00:00 2001 From: "Anton A. Melnikov" Date: Mon, 18 Sep 2023 06:34:52 +0300 Subject: [PATCH 4/4] Save the metadata representing by the extensible node with the null terminator. --- src/backend/parser/cypher_clause.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
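Review bot: `CSV_APPEND_NULL` in create_edges_from_csv_file (hunk -160,7), and the identical change in create_labels_from_csv_file (hunk -194,7), is a load-bearing flag with no comment. The field callbacks are outside these hunks, but the heap-buffer-overflow in the subject suggests they treat the field pointer as a C string, and only this option makes libcsv terminate it. I would add `/* callbacks read fields as NUL-terminated strings; libcsv only terminates them with CSV_APPEND_NULL */` above the declaration in both files. The callbacks should still bound their copies by the length argument libcsv passes, since a field with an embedded NUL byte will otherwise be cut short without an error.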
diff --git a/src/backend/parser/cypher_clause.c b/src/backend/parser/cypher_clause.c index cb729a341..59543c73d 100644 --- a/src/backend/parser/cypher_clause.c +++ b/src/backend/parser/cypher_clause.c @@ -6760,7 +6760,7 @@ static FuncExpr *make_clause_func_expr(char *function_name, */ outNode(str, clause_information); - clause_information_const = makeConst(INTERNALOID, -1, InvalidOid, str->len, + clause_information_const = makeConst(INTERNALOID, -1, InvalidOid, str->len + 1, PointerGetDatum(str->data), false, false); func_oid = get_ag_func_oid(function_name, 1, INTERNALOID);
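Review bot: The `str->len + 1` passed as constlen in make_clause_func_expr relies on the StringInfo invariant that `str->data[str->len]` is a NUL byte, and nothing on the line says so. A short comment such as `/* constlen includes the StringInfo's trailing NUL so a copied datum stays a valid C string */` would explain why the length differs from `str->len`. The code that reads this Const back is outside the hunk and presumably parses it as a string. The call now also runs past 80 columns and could be wrapped after `InvalidOid,`.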