From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com> |
Cc: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll |
Date: | 2021-06-23 13:24:38 |
Message-ID: | 2080223.1624454678@sss.pgh.pa.us |
Lists: | pgsql-bugs |
Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com> writes:
> While trying to sanitise the code for heap buffer overflows I compiled and linked the executable with the clang -fsanitize="address" option. The connection library indicates a buffer overflow in an internal source code of the module.
Hm, interesting. Our code is expecting that gss_display_status() returns
a null-terminated string, but this trace suggests that the string is
not necessarily null-terminated. The documentation I found on the net
is unclear on the point, and the code I could find is split as to how
the string is treated. If it's not supposed to be null-terminated,
we're hardly the only ones making that mistake.
In any case, you wouldn't get here unless we'd run into some kind of
problem trying to make a GSS connection. Could you maybe explain the
conditions you're running this under, and/or print out the failure message
it constructs?
regards, tom lane
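The point under discussion is that gss_display_status() hands back a gss_buffer_desc, which is a byte count plus a pointer, and the text it refers to may not carry a trailing NUL; any caller that runs strlen() or strcpy() over it can read past the buffer, which is exactly what AddressSanitizer reported. The following is an added example, not libpq's code and not a patch from this thread: it shows the defensive way to splice such a status message into an error string, copying at most buf->length bytes and always terminating the destination. The gss_buffer_desc typedef is a local stand-in with the RFC 2744 layout so the file compiles without gssapi.h; append_gss_status() and demo() are names chosen here, and the "No credentials" text is a constructed sample.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Local stand-in for GSSAPI's gss_buffer_desc (RFC 2744 layout: a byte
 * count plus a pointer). Defined here only so the example compiles
 * without gssapi.h; with the real header this typedef would be dropped. */
typedef struct {
    size_t length;
    void  *value;
} gss_buffer_desc;

/* Bounded strlen: length of dst, or limit if no NUL is found within limit.
 * Written out instead of using strnlen() so the example needs no POSIX
 * feature macros. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t i = 0;
    while (i < limit && s[i] != '\0')
        i++;
    return i;
}

/*
 * Append the text of a GSS status buffer to a caller-supplied message
 * buffer, treating the source as length-delimited rather than as a C
 * string. Never reads beyond buf->length, never writes beyond dstsize,
 * and always leaves dst NUL-terminated (truncating if necessary).
 * Returns the number of bytes appended, not counting the terminator.
 */
size_t append_gss_status(char *dst, size_t dstsize, const gss_buffer_desc *buf)
{
    size_t used, room, n;

    if (dst == NULL || dstsize == 0)
        return 0;
    used = bounded_len(dst, dstsize);
    if (used >= dstsize) {          /* dst itself was unterminated: repair it */
        dst[dstsize - 1] = '\0';
        return 0;
    }
    room = dstsize - used - 1;      /* bytes available, excluding terminator */
    n = buf->length < room ? buf->length : room;   /* truncate, don't overflow */
    if (n > 0 && buf->value != NULL)
        memcpy(dst + used, buf->value, n);
    dst[used + n] = '\0';
    return n;
}

/* Demonstration with a constructed status text that deliberately has no
 * trailing NUL, the case a strlen()-based copy would over-read. */
int demo(void)
{
    char raw[] = {'N','o',' ','c','r','e','d','e','n','t','i','a','l','s'}; /* 14 bytes, no NUL */
    gss_buffer_desc status = { sizeof raw, raw };
    char msg[32] = "GSSAPI error: ";
    size_t n = append_gss_status(msg, sizeof msg, &status);

    printf("%s (%zu bytes appended)\n", msg, n);
    return (int) n;
}
```

Because the copy length comes from buf->length and never from a search for NUL, the function behaves the same whether or not the implementation happens to terminate its strings, which is the safe assumption to make when, as noted above, the documentation and existing implementations disagree.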