| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Out-of-bounds write and incorrect detection of trigger file in pg_standby |
| Date: | 2015-01-15 02:27:01 |
| Message-ID: | CAB7nPqSB6eY_Lcwyou=8Gnc9Y65oSfOazuKG5siDozQSUqxVAQ@mail.gmail.com |
| Lists: | pgsql-hackers |
On Thu, Jan 15, 2015 at 7:13 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> Instead of doing this:
>
> if (len < sizeof(buf))
>     buf[len] = '\0';
>
> ...I would suggest making the size of the buffer one greater than the
> size of the read(), and then always nul-terminating the buffer. It
> seems to me that would make the code easier to reason about.
How about the attached then? This way we still detect the same way any
invalid values:
- if ((len = read(fd, buf, sizeof(buf))) < 0)
+ if ((len = read(fd, buf, sizeof(buf) - 1)) < 0)
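Review bot: this hunk only caps the read at `sizeof(buf) - 1`; the unconditional `buf[len] = '\0'` that Robert's suggestion depends on is not among the quoted lines, so the attached patch should be checked for it, since a shorter read by itself still leaves the buffer unterminated when the file fills all `sizeof(buf) - 1` bytes. With the read capped, `len` is at most `sizeof(buf) - 1` on success and the terminator write is in bounds without the old `if (len < sizeof(buf))` guard; the `< 0` check continues to require that `len` be a signed type such as `ssize_t`.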
Regards,
--
Michael
| Attachment | Content-Type | Size |
|---|---|---|
| 20150115_pg_standby_fixes_v2.patch | text/x-patch | 447 bytes |
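As an added illustration (not code from this thread or from pg_standby), here is the pattern under discussion beside the shape Robert proposed: a trigger-file reader that reads `sizeof(buf)` bytes and then writes `buf[len]`, and the corrected reader that caps the read at `sizeof(buf) - 1` and terminates unconditionally. The pipe-backed `make_trigger_fd` helper, the `check_trigger` wrapper, the result enum and the constructed file contents are this example's own; the smart/fast keyword check only sketches pg_standby's trigger modes and is not its source.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Result codes are this example's own; they only sketch pg_standby's
 * smart/fast trigger modes and are not taken from its source. */
enum trigger_mode { TRIGGER_ERROR = -1, TRIGGER_NONE = 0, TRIGGER_SMART = 1, TRIGGER_FAST = 2 };

/* Constructed stand-in for the trigger file: content is pushed through a pipe
 * so the readers below call read() on a real descriptor without touching disk. */
static int make_trigger_fd(const char *content, size_t len)
{
    int fds[2];

    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], content, len) != (ssize_t) len) {
        close(fds[1]);
        close(fds[0]);
        return -1;
    }
    close(fds[1]);
    return fds[0];
}

/* Keyword check on a NUL-terminated buffer; assumed shape, not pg_standby's code. */
static enum trigger_mode classify(const char *buf)
{
    if (strncmp(buf, "fast", 4) == 0)
        return TRIGGER_FAST;
    if (strncmp(buf, "smart", 5) == 0)
        return TRIGGER_SMART;
    return TRIGGER_NONE;
}

/* BEFORE (the bug the thread discusses, kept for comparison and never called):
 * read() may fill all 32 bytes, and then buf[len] is buf[32], one past the end. */
enum trigger_mode read_trigger_unsafe(int fd)
{
    char    buf[32];
    ssize_t len;

    if ((len = read(fd, buf, sizeof(buf))) < 0)
        return TRIGGER_ERROR;
    buf[len] = '\0';            /* out-of-bounds write when len == sizeof(buf) */
    return classify(buf);
}

/* AFTER: read at most sizeof(buf) - 1 bytes so the last slot is always free for
 * the terminator, then terminate unconditionally, as Robert suggested. */
enum trigger_mode read_trigger_safe(int fd)
{
    char    buf[32];
    ssize_t len;

    if ((len = read(fd, buf, sizeof(buf) - 1)) < 0)
        return TRIGGER_ERROR;
    buf[len] = '\0';            /* len <= 31 on success, so always inside buf */
    return classify(buf);
}

/* Wrapper used by the checks: feed constructed content to the safe reader. */
int check_trigger(const char *content, size_t len)
{
    int fd = make_trigger_fd(content, len);
    enum trigger_mode mode;

    if (fd < 0)
        return TRIGGER_ERROR;
    mode = read_trigger_safe(fd);
    close(fd);
    return (int) mode;
}

/* Constructed inputs. full_trigger is exactly 32 bytes: the case where the old
 * code's len equals sizeof(buf). long_trigger exceeds the buffer entirely. */
const char full_trigger[32] = "fast";   /* "fast" followed by 28 zero bytes */
const char long_trigger[]   = "smart" "xxxxxxxxxx" "xxxxxxxxxx" "xxxxxxxxxx" "xxxxx";

int main(void)
{
    printf("fast newline -> %d\n", check_trigger("fast\n", 5));
    printf("32-byte file -> %d\n", check_trigger(full_trigger, sizeof(full_trigger)));
    printf("40-byte file -> %d\n", check_trigger(long_trigger, sizeof(long_trigger) - 1));
    printf("empty file   -> %d\n", check_trigger("", 0));
    return 0;
}
```

Compile with `cc -Wall example.c`. The unsafe variant is kept only to show where the index leaves the array and is never called, so the program itself stays free of undefined behaviour; the 32-byte input is the case the original guard was protecting against, and the capped read handles it without any guard at all.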