Re: Buffer overflow in psql

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: Jack Orenstein <jorenstein(at)archivas(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Buffer overflow in psql
Date: 2006-11-22 16:42:21
Message-ID: 20061122164221.GB21605@svana.org
Lists: pgsql-general

On Wed, Nov 22, 2006 at 11:11:09AM -0500, Jack Orenstein wrote:
> I'm using PostgreSQL 7.4.8. In January, I reported a psql bug. The
> problem was that an INSERT issued through psql would cause a
> crash. There was no problem with other operations I tried, or with the
> same INSERT submitted through JDBC. The discussion thread begins here:
> http://archives.postgresql.org/pgsql-bugs/2006-01/msg00071.php

<snip>
>     case PGRES_COMMAND_OK:
>         {
>             char buf[10];
>
>             success = true;
>             sprintf(buf, "%u", (unsigned int) PQoidValue(results));
>
> In 8.1.5, the sprintf is replaced by an snprintf, resulting in a less
> serious form of the bug.

Looks like you found something.

> 1) Is one of the postgresql developers willing to get this fix into
> the next release? (We're patching our own 7.4.8 build.)

Probably, though I don't know the release cycle for backpatches.

> 2) If no one else has hit this, then it suggests I might be in
> uncharted territory with OIDs getting this high. Do I need to
> review my vacuuming strategy? (I can summarize my vacuuming
> strategy for anyone interested.)

I think most people have OIDs disabled, which avoids the problem
entirely. Perhaps that's why it hasn't been run into before.

Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
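
Added example, not part of the original message or of psql's source: why the 10-byte buffer in the quoted fragment is too small once an OID reaches ten decimal digits, and how a bounded write can report the truncation instead of overflowing. The helper names are hypothetical, and the 10-byte bound on the snprintf variant is an assumption based on the description above.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define OLD_BUFSZ 10  /* size of buf in the quoted fragment */
/* Enough for any unsigned int in decimal plus the NUL: 2^3 < 10, so
 * every 3 bits cost at most one digit; +1 digit, +1 terminator. */
#define OID_BUFSZ (sizeof(unsigned int) * CHAR_BIT / 3 + 2)

/* Characters "%u" needs for oid, excluding the NUL; nothing is written. */
int oid_digits(unsigned int oid)
{
    return snprintf(NULL, 0, "%u", oid);
}

/* Bounded write into a 10-byte buffer (assumed shape of the snprintf
 * variant). Returns 1 if the text was truncated, 0 if it fit. */
int format_oid_old(unsigned int oid, char dst[OLD_BUFSZ])
{
    int n = snprintf(dst, OLD_BUFSZ, "%u", oid);
    return n < 0 || n >= OLD_BUFSZ;
}

/* Checked write: returns the length written, or -1 if dst is too small. */
int format_oid(unsigned int oid, char *dst, size_t dstsz)
{
    int n = snprintf(dst, dstsz, "%u", oid);
    return (n < 0 || (size_t) n >= dstsz) ? -1 : n;
}

int main(void)
{
    /* Constructed sample OIDs around the 9/10-digit boundary. */
    unsigned int samples[] = { 999999999u, 1000000000u, UINT_MAX };
    char small[OLD_BUFSZ], big[OID_BUFSZ];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int cut = format_oid_old(samples[i], small);
        format_oid(samples[i], big, sizeof big);
        printf("%-10s needs %2d bytes, 10-byte buffer holds \"%s\"%s\n",
               big, oid_digits(samples[i]) + 1, small,
               cut ? " (truncated)" : "");
    }
    return 0;
}
```

With a 32-bit unsigned int the largest OID prints as ten digits, so the terminating NUL is the eleventh byte; an unbounded sprintf into buf[10] writes that byte past the end of the buffer.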
