Re: Oops in fe-auth.c

Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>> I never actually tested if it crashes on mingw, but looking some more at it
>>> it really should - once one of these errors happen.
>
>> Hm. Much easier than that - the code is new in HEAD. 8.2 did
>> fprintf(stderr). And HEAD still does that in at least one case.
>
>> Anyway, I'll go ahead with the patch I wrote since it does Seem Nicer to
>> actually use the PQexpbuffer code there, and the patch was rather
>> trivial, but it's certainly not something to backpatch then...
>
> It does look like there is a risk in 8.2 and before, though:
> the fe-auth.c code has a lot of snprintf's with PQERRORMSG_LENGTH,
> which should all be INITIAL_EXPBUFFER_SIZE according to that header
> comment. snprintf typically doesn't write more than it has to,
> but if there ever were a message exceeding INITIAL_EXPBUFFER_SIZE
> we'd be at risk of a memory clobber. So that should be changed
> as far back as it does that. Do you want to take care of it?
> I can if you don't want to.

Oh, didn't realize that one.

I can take a look at that as well, once I'm done with this one. Seems
easy enough - I'll leave you to focus on the more difficult stuff :-)

//Magnus