Quick Links

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?

From:	Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Date:	2018-07-10 22:44:21
Message-ID:	20180710224421.lnuq3aavioc7na2r@alvherre.pgsql
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 2018-Jul-10, Tom Lane wrote:

> I propose to run through the system operator classes, find any for which
> the comparison function isn't marked leakproof but the operators are,
> and fix them. This is clearly appropriate for HEAD and maybe it's not
> too late to force an initdb for v11 --- thoughts?

on initdb in v11, see
https://postgr.es/m/CAKJS1f9cqoSKS9JVcBKGa2mdn-24YPWc9XLzFDNsmjJMUpth1w@mail.gmail.com

--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? at 2018-07-10 22:31:15 from Tom Lane

Responses

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? at 2018-07-10 22:58:05 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2018-07-10 22:53:03	Re: possible issue with array type created for every heap relation composite type
Previous Message	Jimmy Yih	2018-07-10 22:33:41	possible issue with array type created for every heap relation composite type