| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Oops in fe-auth.c |
| Date: | 2007-07-23 17:26:32 |
| Message-ID: | 29403.1185211592@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> I never actually tested if it crashes on mingw, but looking some more at it
>> it really should - once one of these errors happen.
> Hm. Much easier than that - the code is new in HEAD. 8.2 did
> fprintf(stderr). And HEAD still does that in at least one case.
> Anyway, I'll go ahead with the patch I wrote since it does Seem Nicer to
> actually use the PQexpbuffer code there, and the patch was rather
> trivial, but it's certainly not something to backpatch then...
It does look like there is a risk in 8.2 and before, though:
the fe-auth.c code has a lot of snprintf's with PQERRORMSG_LENGTH,
which should all be INITIAL_EXPBUFFER_SIZE according to that header
comment. snprintf typically doesn't write more than it has to,
but if there ever were a message exceeding INITIAL_EXPBUFFER_SIZE
we'd be at risk of a memory clobber. So that should be changed
as far back as it does that. Do you want to take care of it?
I can if you don't want to.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2007-07-23 17:30:32 | Re: Oops in fe-auth.c |
| Previous Message | Magnus Hagander | 2007-07-23 17:22:50 | Re: [HACKERS] Oops in fe-auth.c |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2007-07-23 17:30:32 | Re: Oops in fe-auth.c |
| Previous Message | Magnus Hagander | 2007-07-23 17:22:50 | Re: [HACKERS] Oops in fe-auth.c |