| From: | Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Justin Pryzby <pryzby(at)telsasoft(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pg17.3 PQescapeIdentifier() ignores len |
| Date: | 2025-02-13 19:19:36 |
| Message-ID: | CAEudQApv_mN8-w6RBiP22GUNwxbrr=r__CbzVFn8gWG3V4LLsQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Em qui., 13 de fev. de 2025 às 16:05, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> escreveu:
> Ranier Vilela <ranier(dot)vf(at)gmail(dot)com> writes:
> > Interesting, Coverity has some new reports regarding PQescapeIdentifier.
>
> > CID 1591290: (#1 of 1): Out-of-bounds access (OVERRUN)
> > 2. alloc_strlen: Allocating insufficient memory for the terminating null
> of
> > the string. [Note: The source code implementation of the function has
> been
> > overridden by a builtin model.]
>
> That's not new, we've been seeing those for awhile. I've been
> ignoring them on the grounds that (a) if the code actually had such a
> problem, valgrind testing would have found it, and (b) the message is
> saying in so many words that they're ignoring our code in favor of
> somebody's apparently-inaccurate model of said code.
>
Thanks Tom, extra care is needed when analyzing these reports.
best regards,
Ranier Vilela
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2025-02-13 20:32:51 | Re: BitmapHeapScan streaming read user and prelim refactoring |
| Previous Message | Pavel Stehule | 2025-02-13 19:09:52 | Re: Is pgAdmin the only front-end to PostgreSQL debugger ? And is "a working pl/pgsql debugger" something core should care to maintain ? |