timescaledb
Bug: heap buffer overflow in create_dimension_partition_tuple
Commit 025bda6a8 seems to have introduced heap buffer overflows which get triggered in the sanitizer runs.
Links to failed runs:
https://github.com/timescale/timescaledb/runs/7641961947?check_suite_focus=true
https://github.com/timescale/timescaledb/runs/7641962080?check_suite_focus=true
Backtrace:
==postgres==10025==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250003c2100 at pc 0x562a214a7b4a bp 0x7ffc8e79b870 sp 0x7ffc8e79b018
READ of size 64 at 0x6250003c2100 thread T0
#0 0x562a214a7b49 in memmove (/home/runner/postgresql/bin/postgres+0x27feb49)
#1 0x562a228b5d38 in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
#2 0x562a228b5d38 in ArrayCastAndSet /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:4630
#3 0x562a228c1978 in CopyArrayEls /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:990
#4 0x562a228ce517 in construct_md_array /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:3428
#5 0x562a228ce67f in construct_array /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:3329
#6 0x7fb533f5414f in create_dimension_partition_tuple /home/runner/work/timescaledb/timescaledb/src/ts_catalog/dimension_partition.c:273
#7 0x7fb533f55983 in ts_dimension_partition_info_recreate /home/runner/work/timescaledb/timescaledb/src/ts_catalog/dimension_partition.c:366
#8 0x7fb533ed086b in ts_hypertable_update_dimension_partitions /home/runner/work/timescaledb/timescaledb/src/hypertable.c:2762
#9 0x7fb5335136c1 in data_node_modify_hypertable_data_nodes /home/runner/work/timescaledb/timescaledb/tsl/src/data_node.c:1217
#10 0x7fb5335140dd in data_node_block_hypertable_data_nodes /home/runner/work/timescaledb/timescaledb/tsl/src/data_node.c:1229
#11 0x7fb533517d92 in data_node_block_or_allow_new_chunks /home/runner/work/timescaledb/timescaledb/tsl/src/data_node.c:1338
#12 0x7fb5335180e7 in data_node_allow_new_chunks /home/runner/work/timescaledb/timescaledb/tsl/src/data_node.c:1354
#13 0x7fb533e8be60 in ts_data_node_allow_new_chunks /home/runner/work/timescaledb/timescaledb/src/cross_module_fn.c:90
#14 0x562a21f4f6ae in ExecMakeTableFunctionResult /home/runner/pgbuild/src/backend/executor/execSRF.c:234
#15 0x562a21fcc7a5 in FunctionNext /home/runner/pgbuild/src/backend/executor/nodeFunctionscan.c:95
#16 0x562a21f53576 in ExecScanFetch /home/runner/pgbuild/src/backend/executor/execScan.c:133
#17 0x562a21f5378e in ExecScan /home/runner/pgbuild/src/backend/executor/execScan.c:182
#18 0x562a21fcc081 in ExecFunctionScan /home/runner/pgbuild/src/backend/executor/nodeFunctionscan.c:270
#19 0x562a21f44476 in ExecProcNodeFirst /home/runner/pgbuild/src/backend/executor/execProcnode.c:463
#20 0x562a21f150aa in ExecProcNode ../../../src/include/executor/executor.h:257
#21 0x562a21f1529a in ExecutePlan /home/runner/pgbuild/src/backend/executor/execMain.c:1551
#22 0x562a21f1a205 in standard_ExecutorRun /home/runner/pgbuild/src/backend/executor/execMain.c:361
#23 0x562a21f1a71c in ExecutorRun /home/runner/pgbuild/src/backend/executor/execMain.c:305
#24 0x562a228126bb in PortalRunSelect /home/runner/pgbuild/src/backend/tcop/pquery.c:921
#25 0x562a22819fcc in PortalRun /home/runner/pgbuild/src/backend/tcop/pquery.c:765
#26 0x562a2280bbee in exec_simple_query /home/runner/pgbuild/src/backend/tcop/postgres.c:1214
#27 0x562a2281110b in PostgresMain /home/runner/pgbuild/src/backend/tcop/postgres.c:4496
#28 0x562a22532334 in BackendRun /home/runner/pgbuild/src/backend/postmaster/postmaster.c:4530
#29 0x562a2253d230 in BackendStartup /home/runner/pgbuild/src/backend/postmaster/postmaster.c:4252
#30 0x562a2253dfb1 in ServerLoop /home/runner/pgbuild/src/backend/postmaster/postmaster.c:1745
#31 0x562a225404f5 in PostmasterMain /home/runner/pgbuild/src/backend/postmaster/postmaster.c:1417
#32 0x562a22128e6f in main /home/runner/pgbuild/src/backend/main/main.c:209
#33 0x7fb541c07082 in __libc_start_main ../csu/libc-start.c:308
#34 0x562a214914bd in _start (/home/runner/postgresql/bin/postgres+0x27e84bd)
==postgres==6867==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6250005a4900 at pc 0x55a37b67eaca bp 0x7ffcfa539200 sp 0x7ffcfa5389a8
READ of size 64 at 0x6250005a4900 thread T0
#0 0x55a37b67eac9 in memmove (/home/runner/postgresql/bin/postgres+0x2487ac9)
#1 0x55a37c89eb8d in memmove /usr/include/x86_64-linux-gnu/bits/string_fortified.h:40
#2 0x55a37c89eb8d in ArrayCastAndSet /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:4563
#3 0x55a37c8aa74a in CopyArrayEls /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:988
#4 0x55a37c8b7365 in construct_md_array /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:3400
#5 0x55a37c8b74cd in construct_array /home/runner/pgbuild/src/backend/utils/adt/arrayfuncs.c:3301
#6 0x7f51d6e674f7 in create_dimension_partition_tuple /home/runner/work/timescaledb/timescaledb/src/ts_catalog/dimension_partition.c:273
#7 0x7f51d6e68d14 in ts_dimension_partition_info_recreate /home/runner/work/timescaledb/timescaledb/src/ts_catalog/dimension_partition.c:366
#8 0x7f51d6de2ca9 in ts_hypertable_create_from_info /home/runner/work/timescaledb/timescaledb/src/hypertable.c:2115
#9 0x7f51d6de52e7 in ts_hypertable_create_internal /home/runner/work/timescaledb/timescaledb/src/hypertable.c:1865
#10 0x7f51d6de559f in ts_hypertable_distributed_create /home/runner/work/timescaledb/timescaledb/src/hypertable.c:1897
#11 0x55a37c059527 in ExecMakeTableFunctionResult /home/runner/pgbuild/src/backend/executor/execSRF.c:234
#12 0x55a37c0bcc32 in FunctionNext /home/runner/pgbuild/src/backend/executor/nodeFunctionscan.c:95
#13 0x55a37c0545d3 in ExecScanFetch /home/runner/pgbuild/src/backend/executor/execScan.c:133
#14 0x55a37c0549d2 in ExecScan /home/runner/pgbuild/src/backend/executor/execScan.c:200
#15 0x55a37c0bc50e in ExecFunctionScan /home/runner/pgbuild/src/backend/executor/nodeFunctionscan.c:270
#16 0x55a37c04c58a in ExecProcNodeFirst /home/runner/pgbuild/src/backend/executor/execProcnode.c:445
#17 0x55a37c01d9fb in ExecProcNode ../../../src/include/executor/executor.h:242
#18 0x55a37c01dbeb in ExecutePlan /home/runner/pgbuild/src/backend/executor/execMain.c:1632
#19 0x55a37c0224af in standard_ExecutorRun /home/runner/pgbuild/src/backend/executor/execMain.c:350
#20 0x55a37c0229b8 in ExecutorRun /home/runner/pgbuild/src/backend/executor/execMain.c:294
#21 0x55a37c8182bb in PortalRunSelect /home/runner/pgbuild/src/backend/tcop/pquery.c:938
#22 0x55a37c81fa18 in PortalRun /home/runner/pgbuild/src/backend/tcop/pquery.c:779
#23 0x55a37c81278e in exec_simple_query /home/runner/pgbuild/src/backend/tcop/postgres.c:1215
#24 0x55a37c817265 in PostgresMain /home/runner/pgbuild/src/backend/tcop/postgres.c:4281
#25 0x55a37c59a94e in BackendRun /home/runner/pgbuild/src/backend/postmaster/postmaster.c:4510
#26 0x55a37c5a5c77 in BackendStartup /home/runner/pgbuild/src/backend/postmaster/postmaster.c:4193
#27 0x55a37c5a6a03 in ServerLoop /home/runner/pgbuild/src/backend/postmaster/postmaster.c:1725
#28 0x55a37c5a8e62 in PostmasterMain /home/runner/pgbuild/src/backend/postmaster/postmaster.c:1398
#29 0x55a37c1f9668 in main /home/runner/pgbuild/src/backend/main/main.c:228
#30 0x7f51e4a0f082 in __libc_start_main ../csu/libc-start.c:308
#31 0x55a37b66843d in _start (/home/runner/postgresql/bin/postgres+0x247143d)
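Both reports show a `READ of size 64` in the `memmove` under `ArrayCastAndSet`, which is the shape a fixed-length array element copy produces when the source allocation is shorter than the element width. The C model below is an added example, not TimescaleDB or PostgreSQL code: it assumes a 64-byte fixed-width element (PostgreSQL's default `NAMEDATALEN`), the page does not show the code at `dimension_partition.c:273`, and every function name and sample string here is hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ELEM_LEN 64 /* assumed fixed element width; equals the READ size in the report */

/* Model of a fixed-length element copy: always moves ELEM_LEN bytes from src. */
void copy_fixed_elem(char *dest, const void *src) {
    memmove(dest, src, ELEM_LEN);
}

/* Unsafe pattern (hypothetical): the element is only a strlen()+1 heap copy.
 * Passing it to copy_fixed_elem() reads past the block; ASan reports READ of size 64. */
char *make_elem_unsafe(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p != NULL)
        strcpy(p, s);
    return p;
}

/* Hardened pattern: allocate the full width, zero-pad, truncate to 63 bytes + NUL. */
char *make_elem_padded(const char *s) {
    char *p = calloc(1, ELEM_LEN);
    if (p != NULL)
        strncpy(p, s, ELEM_LEN - 1);
    return p;
}

/* Build an n-element array from padded elements only; NULL on allocation failure. */
char *build_array(const char *const *names, size_t n) {
    char *arr = calloc(n ? n : 1, ELEM_LEN);
    for (size_t i = 0; arr != NULL && i < n; i++) {
        char *e = make_elem_padded(names[i]);
        if (e == NULL) { free(arr); return NULL; }
        copy_fixed_elem(arr + i * ELEM_LEN, e);
        free(e);
    }
    return arr;
}

int main(void) {
    const char *names[] = { "alpha", "beta" }; /* constructed sample input */
    char *arr = build_array(names, 2);
    if (arr == NULL) return 1;
    printf("%s | %s\n", arr, arr + ELEM_LEN);
    free(arr);
    return 0;
}
```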
@erimatnor can you help us on this issue?