Prevent shm_mq_send from reading uninitialized memory.

shm_mq_send_bytes didn't invariably initialize *bytes_written before returning, which would cause shm_mq_send to read from uninitialized memory and add the value it found there to mqh->mqh_partial_bytes. This could cause the next attempt to send a message via the queue to fail an assertion (if the queue was detached) or copy data from a garbage pointer value into the queue (if non-blocking mode was in use).

Prevent shm_mq_send from reading uninitialized memory.
shm_mq_send_bytes didn't invariably initialize *bytes_written before returning, which would cause shm_mq_send to read from uninitialized memory and add the value it found there to mqh->mqh_partial_bytes. This could cause the next attempt to send a message via the queue to fail an assertion (if the queue was detached) or copy data from a garbage pointer value into the queue (if non-blocking mode was in use).
1144ea34 · Robert Haas · 250c26ba · 1144ea34
Commit 1144ea34 authored Jul 24, 2014 by Robert Haas
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 0 deletions

src/backend/storage/ipc/shm_mq.c src/backend/storage/ipc/shm_mq.c +7 -0

No files found.
--- a/src/backend/storage/ipc/shm_mq.c
+++ b/src/backend/storage/ipc/shm_mq.c
@@ -676,7 +676,10 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
 		/* Bail out if the queue has been detached. */
 		if (detached)
+		{
+			*bytes_written = sent;
 			return SHM_MQ_DETACHED;
+		}
 		if (available == 0)
 		{
@@ -691,12 +694,16 @@ shm_mq_send_bytes(shm_mq_handle *mqh, Size nbytes, void *data, bool nowait,
 				if (nowait)
 				{
 					if (shm_mq_get_receiver(mq) == NULL)
+					{
+						*bytes_written = sent;
 						return SHM_MQ_WOULD_BLOCK;
 					}
+				}
 				else if (!shm_mq_wait_internal(mq, &mq->mq_receiver,
 											   mqh->mqh_handle))
 				{
 					mq->mq_detached = true;
+					*bytes_written = sent;
 					return SHM_MQ_DETACHED;
 				}
 				mqh->mqh_counterparty_attached = true;