Buffer overflow in SerializeLibraryState() found by Address Sanitizer

From: David Geier <geidav(dot)pg(at)gmail(dot)com>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Buffer overflow in SerializeLibraryState() found by Address Sanitizer
Date: 2025-06-10 12:59:10
Message-ID: 5dd32e11-dba7-4964-b2a6-bb456059a8ea@gmail.com
Lists: pgsql-hackers

Hi hackers!

SerializeLibraryState() writes one byte too many into the buffer pointed
to by start_address. This is the very last '\0' it writes after the
loop. Attached is a patch that fixes the problem by accounting for that
extra byte in EstimateLibraryStateSpace().

--
David Geier
(ServiceNow)

Attachment: 0001-Fix-buffer-overflow-in-SerializeLibraryState.patch (text/plain, 744 bytes)
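The bug described above is the classic estimate/serialize mismatch: the estimate pass sums each name's length plus its NUL, while the serialize pass additionally writes an empty-string terminator after the loop, so the serializer needs one byte more than the estimate reserves. The following is an added illustration of that pattern and its fix, not PostgreSQL's dfmgr.c and not the attached patch; the library names, the function names (estimate_buggy, estimate_fixed, serialize, count_names) and the explicit bounds check are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the loaded-library list: NULL-terminated name array. */
static const char *const libs[] = { "plpgsql.so", "pg_stat_statements.so", NULL };

/* Buggy estimate: one NUL-terminated string per name, but it forgets the
 * empty-string terminator the serializer appends after the loop. */
size_t estimate_buggy(const char *const *names)
{
    size_t size = 0;

    for (; *names != NULL; names++)
        size += strlen(*names) + 1;
    return size;
}

/* Fixed estimate: reserve the extra byte for the end-of-list '\0'. */
size_t estimate_fixed(const char *const *names)
{
    return estimate_buggy(names) + 1;
}

/* Serialize each name NUL-terminated, then a final '\0' marking end of list.
 * Every write is bounds-checked against maxsize, so a short estimate surfaces
 * as a return value of 0 instead of a one-byte heap/stack overflow.
 * Returns the number of bytes written on success. */
size_t serialize(const char *const *names, char *out, size_t maxsize)
{
    size_t used = 0;

    for (; *names != NULL; names++)
    {
        size_t len = strlen(*names) + 1;   /* include the NUL */

        if (len > maxsize - used)
            return 0;                      /* name would not fit */
        memcpy(out + used, *names, len);
        used += len;
    }
    if (used >= maxsize)
        return 0;                          /* no room for the terminator */
    out[used++] = '\0';
    return used;
}

/* Walk a serialized buffer the way a deserializer would: stop at the empty string. */
size_t count_names(const char *buf)
{
    size_t n = 0;

    while (*buf != '\0')
    {
        n++;
        buf += strlen(buf) + 1;
    }
    return n;
}

/* Returns 1 if the buggy estimate is rejected by the bounds-checked serializer. */
int buggy_estimate_rejected(void)
{
    char buf[64];

    return serialize(libs, buf, estimate_buggy(libs)) == 0;
}

/* Serialize with the fixed estimate and read it back; returns names recovered. */
size_t fixed_estimate_roundtrip(void)
{
    char buf[64];
    size_t n = serialize(libs, buf, estimate_fixed(libs));

    if (n == 0)
        return 0;
    return count_names(buf);
}

int main(void)
{
    printf("buggy estimate: %zu bytes, fixed estimate: %zu bytes\n",
           estimate_buggy(libs), estimate_fixed(libs));
    printf("buggy estimate rejected by serializer: %s\n",
           buggy_estimate_rejected() ? "yes" : "no");
    printf("names read back with fixed estimate: %zu\n",
           fixed_estimate_roundtrip());
    return 0;
}
```

The point of the explicit check in serialize() is that a mismatch between the two passes fails loudly at the call site; without it, the extra terminator byte lands one past the allocation and is only visible under a sanitizer or when the adjacent byte happens to matter.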
