| From: | "Long Song" <songlong88(at)126(dot)com> |
|---|---|
| To: | "Ranier Vilela" <ranier(dot)vf(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re:Avoid an odd undefined behavior with memcmp (src/bin/pg_rewind/pg_rewind.c) |
| Date: | 2024-05-30 01:41:29 |
| Message-ID: | 5b47b4b4.1a13.18fc728c5a0.Coremail.songlong88@126.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Ranier,
> IMO, I think that pg_rewind can have a security issue,
> if two files are exactly the same, they are considered different.
> Because use of structs with padding values is unspecified.
Logically you are right. But I don't understand what scenario
would require memcmp to compare ControlFileData.
In general, we read ControlFileData from a pg_control file
and then use members of ControlFileData directly.
So the two ControlFileData are not directly compared by byte.
> Fix by explicitly initializing with memset to avoid this.
And, even if there are scenarios that use memcmp comparisons,
your modifications are not complete.
There are three calls to the digestControlFile in the main()
of pg_rewind.c, and as your said(if right), these should do
memory initialization every time.
--
Best Regards,
Long
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Smith | 2024-05-30 03:16:10 | Re: Improving the latch handling between logical replication launcher and worker processes. |
| Previous Message | Peter Smith | 2024-05-30 00:50:49 | Re: Ambiguous description on new columns |