Re: BUG #16694: Server hangs in 100% CPU loop when decompressing a specific TOAST Postgis linestring

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrey Borodin <x4mmm(at)yandex-team(dot)ru>
Cc: tvijlbrief(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>
Subject: Re: BUG #16694: Server hangs in 100% CPU loop when decompressing a specific TOAST Postgis linestring
Date: 2020-11-02 05:16:45
Message-ID: 592336.1604294205@sss.pgh.pa.us
Lists: pgsql-bugs

Andrey Borodin <x4mmm(at)yandex-team(dot)ru> writes:
> I'm not sure protection from corrupt input is complete within pglz. We
> still do not protect from matches with offsets before source data.

Yeah, I was wondering about that. Not quite sure it's worth adding
cycles to defend against though. I don't buy the "security" aspect,
since there's no plausible route for an attacker to inject corrupted
compressed data unless they already have full access to the database.
The "maybe core dump" argument is a bit stronger, but not very much so.

regards, tom lane
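
The check under discussion, as an added example (not part of the original email and not PostgreSQL's pglz code): a decoder for a toy LZ format that rejects a match whose offset reaches back before the start of the output written so far. The format, the function name and the sample inputs are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy format (an assumption for this example, not pglz's encoding):
 * a control byte, then up to 8 items, one per control bit from the LSB up.
 * Bit 0 = one literal byte; bit 1 = a match stored as two bytes: offset,
 * length. Returns the number of bytes written, or -1 on corrupt input. */
static long toy_lz_decompress(const uint8_t *src, size_t slen,
                              uint8_t *dst, size_t dcap)
{
    const uint8_t *sp = src, *send = src + slen;
    uint8_t *dp = dst, *dend = dst + dcap;

    while (sp < send) {
        uint8_t ctrl = *sp++;
        for (int bit = 0; bit < 8 && sp < send; bit++, ctrl >>= 1) {
            if (!(ctrl & 1)) {                  /* literal byte */
                if (dp >= dend) return -1;      /* output buffer full */
                *dp++ = *sp++;
                continue;
            }
            if (send - sp < 2) return -1;       /* truncated match tag */
            size_t off = sp[0], len = sp[1];
            sp += 2;
            /* off == 0 names the byte being written; off larger than the
             * bytes written so far would read memory in front of dst. */
            if (off == 0 || off > (size_t)(dp - dst)) return -1;
            if (len > (size_t)(dend - dp)) return -1;   /* would overflow dst */
            /* byte-wise copy, because source and destination may overlap */
            while (len--) { *dp = *(dp - off); dp++; }
        }
    }
    return (long)(dp - dst);
}

/* Constructed input: literals "ab", then match(off=2, len=4) -> "ababab" */
static const uint8_t good[] = { 0x04, 'a', 'b', 0x02, 0x04 };
/* Same stream, but the match points 9 bytes back with only 2 written */
static const uint8_t bad[]  = { 0x04, 'a', 'b', 0x09, 0x04 };

int main(void)
{
    uint8_t out[16];
    printf("good: %ld\n", toy_lz_decompress(good, sizeof good, out, sizeof out));
    printf("bad:  %ld\n", toy_lz_decompress(bad, sizeof bad, out, sizeof out));
    return 0;
}
```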
