| From: | Mats Kindahl <mats(at)timescale(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | glibc qsort() vulnerability |
| Date: | 2024-02-06 14:06:26 |
| Message-ID: | CA+14426g2Wa9QuUpmakwPxXFWG_1FaY0AsApkvcTBy-YfS6uaw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi hackers,
There is a bug in glibc's qsort() algorithm that runs the risk of creating
an out-of-bounds error if the comparison function is not transitive, for
example, if subtraction is used so that it can create an overflow.
See
https://packetstormsecurity.com/files/176931/glibc-qsort-Out-Of-Bounds-Read-Write.html
I checked the existing functions in the latest version of Postgres source
code and most are safe, but there were a few ones that could lead to
overflow. I do not know if these can actually lead to problems, but better
safe than sorry, so I created a patch to fix those few cases and add a
comment to one case that was not clear that it could not overflow.
Best wishes,
Mats Kindahl, Timescale
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Ensure-comparison-functions-are-transitive.patch | text/x-patch | 2.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-02-06 14:10:27 | Re: Possibility to disable `ALTER SYSTEM` |
| Previous Message | Zhijie Hou (Fujitsu) | 2024-02-06 13:51:01 | RE: Synchronizing slots from primary to standby |