Quick Links

Re: glibc qsort() vulnerability

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc:	Mats Kindahl <mats(at)timescale(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: glibc qsort() vulnerability
Date:	2024-02-06 20:55:58
Message-ID:	642084.1707252958@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
> Even if the glibc issue doesn't apply to Postgres, I'm tempted to suggest
> that we make it project policy that comparison functions must be
> transitive. There might be no real issues today, but if we write all
> comparison functions the way Mats is suggesting, it should be easier to
> reason about overflow risks.

A comparison routine that is not is probably broken, agreed.
I didn't look through the details of the patch --- I was more
curious whether we had a version of the qsort bug, because
if we do, we should fix that too.

regards, tom lane

In response to

Re: glibc qsort() vulnerability at 2024-02-06 20:53:05 from Nathan Bossart

Responses

Re: glibc qsort() vulnerability at 2024-02-06 20:57:38 from Nathan Bossart
Re: glibc qsort() vulnerability at 2024-02-07 09:09:58 from Mats Kindahl

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Nathan Bossart	2024-02-06 20:57:38	Re: glibc qsort() vulnerability
Previous Message	Nathan Bossart	2024-02-06 20:53:05	Re: glibc qsort() vulnerability