Avoid memory size overflow when allocating backend activity buffer

The code in charge of copying the contents of PgBackendStatus to local
memory could fail on memory allocation because of an overflow on the
amount of memory to use.  The overflow can happen when combining a high
value track_activity_query_size (max at 1MB) with a large
max_connections, when both multiplied get higher than INT32_MAX as both
parameters treated as signed integers.  This could for example trigger
with the following functions, all calling pgstat_read_current_status():
- pg_stat_get_backend_subxact()
- pg_stat_get_backend_idset()
- pg_stat_get_progress_info()
- pg_stat_get_activity()
- pg_stat_get_db_numbackends()

The change to use MemoryContextAllocHuge() has been introduced in
8d0ddccec636, so backpatch down to 12.

Author: Jakub Wartak
Discussion: https://postgr.es/m/CAKZiRmw8QSNVw2qNK-dznsatQqz+9DkCquxP0GHbbv1jMkGHMA@mail.gmail.com
Backpatch-through: 12

diff --git a/src/backend/postmaster/pgstat.c b/src/backend/postmaster/pgstat.c
index e03233ae7d0c744eb46ef7ba4a83a152da4c6b6e..6e47100d8411a9df19ebfb796e7650e89871fb9c 100644 (file)
--- a/src/backend/postmaster/pgstat.c
+++ b/src/backend/postmaster/pgstat.c
@@ -3394,7 +3394,8 @@ pgstat_read_current_status(void)
                                                   NAMEDATALEN * NumBackendStatSlots);
        localactivity = (char *)
                MemoryContextAllocHuge(pgStatLocalContext,
-                                                          pgstat_track_activity_query_size * NumBackendStatSlots);
+                                                          (Size) pgstat_track_activity_query_size *
+                                                          (Size) NumBackendStatSlots);
 #ifdef USE_SSL
        localsslstatus = (PgBackendSSLStatus *)
                MemoryContextAlloc(pgStatLocalContext,