From 08c4e7ff108e5ad51cebc62d17480812b411efca Mon Sep 17 00:00:00 2001
From: Andrew Kane
Date: Thu, 18 Jun 2026 12:56:12 -0700
Subject: [PATCH] Hardened VectorArrayGet and VectorArraySet [skip ci]

---
 src/ivfflat.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/ivfflat.h b/src/ivfflat.h
index 34bcb97..6e73aaf 100644
--- a/src/ivfflat.h
+++ b/src/ivfflat.h
@@ -305,6 +305,9 @@ typedef IvfflatScanOpaqueData * IvfflatScanOpaque;
 static inline Pointer
 VectorArrayGet(VectorArray arr, int offset)
 {
+ if (offset >= arr->maxlen)
+ elog(ERROR, "safety check failed");
+
 return ((char *) arr->items) + (offset * arr->itemsize);
 }
 
@@ -313,7 +316,7 @@ VectorArraySet(VectorArray arr, int offset, Pointer val)
 {
 Size size = VARSIZE_ANY(val);
 
- if (size > arr->itemsize)
+ if (offset >= arr->maxlen || size > arr->itemsize)
 elog(ERROR, "safety check failed");
 
 memcpy(VectorArrayGet(arr, offset), val, size);
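Review bot: A negative `offset` still passes the new guard in VectorArrayGet, because `offset` is a signed `int` and only the upper bound is compared; the pointer arithmetic on the following line would then land outside `arr->items`. The guard should cover both ends, `if (offset < 0 || offset >= arr->maxlen)`, and the same applies to the combined condition added to VectorArraySet in the second hunk. The declaration of `maxlen` is not visible in this patch; if it turns out to be unsigned, the comparison already rejects negatives through conversion, so this is worth confirming against the struct definition.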
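Review bot: All three failure conditions in VectorArrayGet and VectorArraySet now raise the same `"safety check failed"` text, so an error log cannot distinguish an out-of-range offset from a datum larger than `itemsize`. Splitting the condition in VectorArraySet keeps the behaviour and gives each case its own message, for example `if (offset >= arr->maxlen) elog(ERROR, "vector array offset out of range");` ahead of the existing size check. The offset test here is also repeated inside the VectorArrayGet call on the `memcpy` line, which is harmless but could be noted in a one-line comment. VectorArraySet's signature and closing brace lie outside the hunk.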