| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de>, Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Winter Loo <winterloo(at)126(dot)com>, pgsql-hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: may be a buffer overflow problem |
| Date: | 2024-06-18 14:22:01 |
| Message-ID: | d7368e2d-f5af-49b2-80bd-31ec8c611834@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 18.06.24 04:35, Andres Freund wrote:
> On 2024-06-17 23:52:54 +0200, Daniel Gustafsson wrote:
>> Since sqlca is, according to our docs, present in other database systems we
>> should probably keep it a 5-char array for portability reasons. Adding a
>> padding character should be fine though.
>
> How about, additionally, adding __attribute__((nonstring))? Wrapped in an
> attribute, of course. That'll trigger warning for many unsafe uses, like
> strlen().
>
> It doesn't quite detect the problematic case in ecpg_log() though, seems it
> doesn't understand fprintf() well enough (it does trigger in simple printf()
> cases, because they get reduced to puts(), which it understands).
See also <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115513>.
> Adding nonstring possibly allow us to re-enable -Wstringop-truncation,
Note that that would only work because we now always use our own
snprintf(), which is not covered by that option. I mean, we could still
do it, but it's not like the reasons we originally disabled that option
have actually gone away.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-06-18 14:22:49 | Re: CompilerWarnings task does not catch C++ warnings |
| Previous Message | Tom Lane | 2024-06-18 14:20:26 | Re: Truncation of mapped catalogs (whether local or shared) leads to server crash |