| From: | Mats Kindahl <mats(at)timescale(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: glibc qsort() vulnerability |
| Date: | 2024-02-09 19:35:57 |
| Message-ID: | CA+14426hPFzv1vZAjC+eqNnKOJRgLCNuixZ5iMX5m-TuMD0o6w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Feb 9, 2024 at 5:27 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
> > On Fri, Feb 09, 2024 at 08:52:26AM +0100, Mats Kindahl wrote:
> >> The types "int" and "size_t" are treated as s32 and u32 respectively
> since
> >> that seems to be the case for most of the code, even if strictly not
> >> correct (size_t can be an unsigned long int for some architecture).
>
> > Why is it safe to do this?
>
> We do pretty much assume that "int" is "int32". But I agree that
> assuming anything about the width of size_t is bad. I think we need
> a separate pg_cmp_size() or pg_cmp_size_t().
>
I added precisely one first, but removed it when I saw that all uses
assumed that it was an int. :)
I'll add it back.
Best wishes,
Mats Kindahl
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2024-02-09 19:36:18 | Re: [PATCH] Add native windows on arm64 support |
| Previous Message | Andres Freund | 2024-02-09 19:27:05 | Re: Make COPY format extendable: Extract COPY TO format implementations |