Re: Code quality issues in ICU patch

From: Noah Misch <noah(at)leadboat(dot)com>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: Code quality issues in ICU patch
Date: 2017-06-26 04:28:51
Message-ID: 20170626042851.GA1995592@rfd.leadboat.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Sat, Jun 24, 2017 at 10:03:25AM -0400, Peter Eisentraut wrote:
> On 6/23/17 12:31, Tom Lane wrote:
> > icu_to_uchar() and icu_from_uchar(), and perhaps other places, are
> > touchingly naive about integer overflow hazards in buffer size
> > calculations. I call particular attention to this bit in
> > icu_from_uchar():
> >
> > len_result = UCNV_GET_MAX_BYTES_FOR_STRING(len_uchar, ucnv_getMaxCharSize(icu_converter));
> >
> > The ICU man pages say that that macro is defined as
> >
> > #define UCNV_GET_MAX_BYTES_FOR_STRING(length, maxCharSize) (((int32_t)(length)+10)*(int32_t)(maxCharSize))
> >
> > which means that getting this to overflow (resulting in
> > probably-exploitable memory overruns) would be about as hard as taking
> > candy from a baby.
>
> Here is a patch that should address this.

[Action required within three days. This is a generic notification.]

The above-described topic is currently a PostgreSQL 10 open item. Peter,
since you committed the patch believed to have created it, you own this open
item. If some other commit is more relevant or if this does not belong as a
v10 open item, please let us know. Otherwise, please observe the policy on
open item ownership[1] and send a status update within three calendar days of
this message. Include a date for your subsequent status update. Testers may
discover new open items at any time, and I want to plan to get them all fixed
well in advance of shipping v10. Consequently, I will appreciate your efforts
toward speedy resolution. Thanks.

[1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2017-06-26 05:20:54 Re: Timing-sensitive case in src/test/recovery TAP tests
Previous Message Noah Misch 2017-06-26 04:26:28 Re: gen_random_uuid security not explicit in documentation