Quick Links

Re: glibc qsort() vulnerability

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Mats Kindahl <mats(at)timescale(dot)com>
Cc:	pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: glibc qsort() vulnerability
Date:	2024-02-06 15:11:16
Message-ID:	508821.1707232276@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Mats Kindahl <mats(at)timescale(dot)com> writes:
> There is a bug in glibc's qsort() algorithm that runs the risk of creating
> an out-of-bounds error if the comparison function is not transitive, for
> example, if subtraction is used so that it can create an overflow.

We don't use glibc's qsort. Have you checked whether there's a
problem with the code we do use?

regards, tom lane

In response to

glibc qsort() vulnerability at 2024-02-06 14:06:26 from Mats Kindahl

Responses

Re: glibc qsort() vulnerability at 2024-02-06 20:53:05 from Nathan Bossart
Re: glibc qsort() vulnerability at 2024-02-07 09:01:58 from Mats Kindahl

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2024-02-06 15:14:45	Re: clarify equalTupleDescs()
Previous Message	Tom Lane	2024-02-06 14:51:56	Re: Why is subscription/t/031_column_list.pl failing so much?