BUG #5101: Off-by-one error in bitncmp() in src/backend/utils/adt/network.c

The following bug has been logged online:

Bug reference: 5101
Logged by: Chris Mikkelson
Email address: cmikk(at)qwest(dot)net
PostgreSQL version: 8.4.1(+earlier)
Operating system: all
Description: Off-by-one error in bitncmp() in
src/backend/utils/adt/network.c
Details:

When comparing a number of bits divisible by 8, bitncmp() may dereference a
pointer one byte out
of bounds.

The following patch against 8.4.1 incorporates the fix made to bitncmp() in
the BIND source tree:

*** src/backend/utils/adt/network.c.orig 2009-10-07
12:32:13.000000000 -0500
--- src/backend/utils/adt/network.c 2009-10-07 12:32:45.000000000 -0500
*************** bitncmp(void *l, void *r, int n)
*** 972,979 ****

b = n / 8;
x = memcmp(l, r, b);
! if (x)
! return x;

lb = ((const u_char *) l)[b];
rb = ((const u_char *) r)[b];
--- 972,979 ----

b = n / 8;
x = memcmp(l, r, b);
! if (x || (n % 8) == 0)
! return (x);

lb = ((const u_char *) l)[b];
rb = ((const u_char *) r)[b];

Chris Mikkelson wrote:
> The following bug has been logged online:
>
> Bug reference: 5101
> Logged by: Chris Mikkelson
> Email address: cmikk(at)qwest(dot)net
> PostgreSQL version: 8.4.1(+earlier)
> Operating system: all
> Description: Off-by-one error in bitncmp() in
> src/backend/utils/adt/network.c
> Details:
>
> When comparing a number of bits divisible by 8, bitncmp() may dereference a
> pointer one byte out
> of bounds.
>
> The following patch against 8.4.1 incorporates the fix made to bitncmp() in
> the BIND source tree:

Thanks, applied.

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com