From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: C99 compliance for src/port/snprintf.c |
Date: | 2018-08-15 21:52:17 |
Message-ID: | 20180815215217.b3gnglunnxpxsl2d@alap3.anarazel.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-www |
On 2018-08-15 14:05:29 -0400, Tom Lane wrote:
> I wrote:
> > Meh --- the hazards of back-patching seem to me to be more hypothetical
> > than the benefits. Still, I seem to be in the minority, so I withdraw
> > the proposal to back-patch.
>
> Actually, after digging around a bit, I'm excited about this again.
> There are only a couple dozen places in our tree that pay any attention
> to the result of (v)snprintf, but with the exception of psnprintf,
> appendPQExpBufferVA, and one or two other places, *they're all assuming
> C99 semantics*, and will fail to detect buffer overflow with the pre-C99
> behavior.
>
> Probably a lot of these are not live bugs because buffer overrun is
> not ever going to occur in practice. But at least pg_upgrade and
> pg_regress are constructing command strings including externally
> supplied paths, so overrun doesn't seem impossible. If it happened,
> they'd merrily proceed to execute a truncated command.
>
> If we don't backpatch the snprintf change, we're morally obliged to
> back-patch some other fix for these places. At least one of them,
> in plperl's pport.h, is not our code and so changing it seems like
> a bad idea.
>
> Still want to argue for no backpatch?
>
> regards, tom lane
>
> PS: I also found a couple of places that are just wrong regardless
> of semantics: they're checking overflow by "result > bufsize", not
> "result >= bufsize". Will fix those in any case.
I'm a bit confused. Why did you just backpatch this ~two hours after
people objected to the idea? Even if it were during my current work
hours, I don't even read mail that often if I'm hacking on something
complicated.
Greetings,
Andres Freund
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-08-15 22:06:05 | Re: Stored procedures and out parameters |
Previous Message | Andres Freund | 2018-08-15 21:49:31 | Re: C99 compliance for src/port/snprintf.c |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-08-15 22:13:59 | Re: C99 compliance for src/port/snprintf.c |
Previous Message | Andres Freund | 2018-08-15 21:49:31 | Re: C99 compliance for src/port/snprintf.c |