https://github.com/john-paul-r/npgsql-repros
https://github.com/john-paul-r/npgsql-repros
Last synced: 9 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/john-paul-r/npgsql-repros
- Owner: John-Paul-R
- Created: 2024-04-16T20:07:39.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-04-16T21:45:34.000Z (about 2 years ago)
- Last Synced: 2025-03-22T14:28:16.783Z (about 1 year ago)
- Language: C#
- Size: 2.93 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# npgsql repro: ArrayNullabilityMode.PerInstance buffer over-read
## Usage
start the database via docker (the below will host on port 5433):
```
docker build ./ -f ./Dockerfile -t npgsql-repros:nullable-array-overread
docker run -p5433:5432 npgsql-repros:nullable-array-overread
```
run the dotnet project
```
dotnet run
```
observe crash due to buffer over-read
## Error Description
This particular error is caused by `PolymorphicArrayConverter`'s `Read` method leading with 2 unchecked `ReadInt32` calls,
which may read past the boundary of the working buffer.
permalink: https://github.com/npgsql/npgsql/blob/058894067d33229fbef2f3bcafbfa75858fc60fb/src/Npgsql/Internal/Converters/ArrayConverter.cs#L631-L639
offending code snippet:
```csharp
public override TBase Read(PgReader reader)
{
_ = reader.ReadInt32();
var containsNulls = reader.ReadInt32() is 1;
reader.Rewind(sizeof(int) + sizeof(int));
return containsNulls
? _nullableElementCollectionConverter.Read(reader)
: _structElementCollectionConverter.Read(reader);
}
```
I've personally patched this with
```csharp
public override TBase Read(PgReader reader)
{
if (reader.ShouldBuffer(sizeof(int) + sizeof(int)))
reader.Buffer(sizeof(int) + sizeof(int));
_ = reader.ReadInt32();
var containsNulls = reader.ReadInt32() is 1;
reader.Rewind(sizeof(int) + sizeof(int));
return containsNulls
? _nullableElementCollectionConverter.Read(reader)
: _structElementCollectionConverter.Read(reader);
}
```