| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Flavien GUEDEZ <flav(dot)pg(at)oopacity(dot)net> |
| Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Insufficient memory access checks in pglz_decompress |
| Date: | 2023-10-19 00:48:03 |
| Message-ID: | 3235130.1697676483@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Flavien GUEDEZ <flav(dot)pg(at)oopacity(dot)net> writes:
> Thanks for your feedback, you are definitely right, I did not notice
> that (dp - off) was staying the same in the while loop.
> Here is another much smaller patch.
I thought of another thing we should change: it's better to perform
the test as "off > (dp - dest)" than the way you formulated it.
"dp - dest" is certainly computable, since it's the number of bytes
we've written to the output buffer so far. But "dp - off" could,
with bad luck and a buffer near the start of memory, wrap around
to look like it's after "dest".
Pushed with that change and a little fiddling with the comment.
Thanks for the report!
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-10-19 01:46:29 | Re: Variable substitution in jsonb functions fails for jsonpath operator like_regex |
| Previous Message | Jeff Janes | 2023-10-19 00:42:21 | Re: Variable substitution in jsonb functions fails for jsonpath operator like_regex |