| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> | 
|---|---|
| To: | Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com> | 
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org | 
| Subject: | Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll | 
| Date: | 2021-06-23 13:24:38 | 
| Message-ID: | 2080223.1624454678@sss.pgh.pa.us | 
| Lists: | pgsql-bugs | 
Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com> writes:
> While trying to sanitise the code for heap buffer overflows I compiled and linked the executable with clang -fsanitize="address" option. The connection library indicates a buffer overflow in an internal source code of the module.
Hm, interesting.  Our code is expecting that gss_display_status() returns
a null-terminated string, but this trace suggests that the string is
not necessarily null-terminated.  The documentation I found on the net
is unclear on the point, and the code I could find is split as to how
the string is treated.  If it's not supposed to be null-terminated,
we're hardly the only ones making that mistake.
In any case, you wouldn't get here unless we'd run into some kind of
problem trying to make a GSS connection.  Could you maybe explain the
conditions you're running this under, and/or print out the failure message
it constructs?
regards, tom lane
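The defect Tom describes is a length-vs-terminator mismatch: GSSAPI hands back a (length, value) buffer, and reading it as a C string is only safe if the implementation happened to append a NUL. The following is an added example, not libpq's code and not the real GSSAPI header: `status_buf_t` is a locally defined stand-in with the same shape as `gss_buffer_desc`, and the message bytes are constructed without a trailing NUL to show the safe copy honouring `length`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in with the same shape as GSSAPI's gss_buffer_desc (length + value).
 * Defined locally so the example builds without libgssapi; it is NOT the
 * real header type. */
typedef struct {
    size_t length;
    void *value;
} status_buf_t;

/*
 * Defective pattern (the one the sanitizer trips on):
 *     strcpy(dst, (char *) buf->value);  /  strlen((char *) buf->value)
 * Both keep reading until a NUL, which the buffer may not contain.
 *
 * Safe pattern: bound the copy by buf->length and terminate it ourselves.
 * Returns the number of message bytes copied (excluding the terminator);
 * 0 when dst has no room at all.
 */
size_t copy_status_message(const status_buf_t *buf, char *dst, size_t dstlen)
{
    if (dstlen == 0)
        return 0;
    size_t n = buf->length;
    if (n > dstlen - 1)
        n = dstlen - 1;            /* truncate instead of overflowing dst */
    memcpy(dst, buf->value, n);
    dst[n] = '\0';
    return n;
}

/* Constructed sample: a status text stored WITHOUT a trailing NUL, as a
 * GSSAPI implementation is allowed to return it. */
static char raw_msg[] = { 'N','o',' ','c','r','e','d','e','n','t','i','a','l','s' };

/* Copies the constructed message into a static buffer and returns it. */
const char *demo_copy(void)
{
    static char out[64];
    status_buf_t msg = { sizeof raw_msg, raw_msg };
    copy_status_message(&msg, out, sizeof out);
    return out;
}

int main(void)
{
    status_buf_t msg = { sizeof raw_msg, raw_msg };
    /* "%.*s" is the printf-side equivalent: it stops at length, not at NUL. */
    printf("%s | %.*s\n", demo_copy(), (int) msg.length, (char *) msg.value);
    return 0;
}
```

Building the defective pattern with `-fsanitize=address` and a NUL-less buffer reproduces the report; the bounded copy above does not read past `length`.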