| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jack Orenstein <jorenstein(at)archivas(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Buffer overflow in psql |
| Date: | 2006-11-22 17:07:13 |
| Message-ID: | 2008.1164215233@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Jack Orenstein <jorenstein(at)archivas(dot)com> writes:
> The problem has occurred again, and I've found a buffer overflow in
> psql that explains it. Here is code from src/bin/psql/common.c, from
> the PrintQueryResults function:
> case PGRES_COMMAND_OK:
> {
> char buf[10];
> success = true;
> sprintf(buf, "%u", (unsigned int) PQoidValue(results));
Good catch! What platform and compiler are you using exactly? I'd
imagine that on most platforms, the size of that array is effectively
rounded up to 12 bytes due to alignment/padding considerations, which
would mask the mistake. Yours must somehow be putting something
critical right after the array.
> 1) Is one of the postgresql developers willing to get this fix into
> the next release? (We're patching our own 7.4.8 build.)
Yeah, we'll fix it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John McCawley | 2006-11-22 17:08:22 | Re: Data transfer between databases over the Internet |
| Previous Message | Guy Rouillier | 2006-11-22 17:06:36 | Re: Uninstalling PostgreSql |