Re: Improving psql's \password command

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Bossart, Nathan" <bossartn(at)amazon(dot)com>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Improving psql's \password command
Date: 2021-11-15 21:03:53
Message-ID: 2152988.1637010233@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

"Bossart, Nathan" <bossartn(at)amazon(dot)com> writes:
> On 11/15/21, 10:13 AM, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> * I don't believe that this bit is necessary, or if it is,
>> the comment fails to justify it:
>>
>> - initStringInfo(&buf);
>> + /* make sure buf is palloc'd so we don't lose changes after a longjmp */
>> + buf = makeStringInfo();

> My main worry was that buf->data might get repalloc'd via
> enlargeStringInfo(), which could cause problems after a longjmp.

So what? That has nothing to do with whether the buf struct itself
is alloc'd or not. Besides which, no longjmp is going to happen
during any reallocation. I'm not entirely sure what scenario
you're worried about, but I don't see how alloc'ing the
StringInfoData struct would make it any safer. If anything it'd
be less safe, since the StringInfoData is certain to be on the
stack, while a buf pointer variable is likely to be kept in a
register. But really that doesn't matter anyhow, since this
is a stack level below where the sigsetjmp call is. AFAIK the
only longjmp clobber risk is to pg_get_line_append's mutable
local variables, of which there are none.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2021-11-15 21:04:05 Re: Time to drop plpython2?
Previous Message Álvaro Herrera 2021-11-15 21:01:25 Re: support for MERGE