Re: Possible memory corruption (src/timezone/zic.c b/src/timezone/zic.c)

Em dom., 16 de mai. de 2021 às 22:37, Kyotaro Horiguchi <
horikyota(dot)ntt(at)gmail(dot)com> escreveu:

> At Sat, 15 May 2021 11:35:13 -0300, Ranier Vilela <ranier(dot)vf(at)gmail(dot)com>
> wrote in
> > Em sex., 14 de mai. de 2021 às 19:52, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> escreveu:
> >
> > > I wrote:
> > > > So the question for us is whether it's worth trying to make
> pgreadlink
> > > > conform to the letter of the POSIX spec in this detail. TBH, I can't
> > > > get excited about that, at least not so far as zic's usage is
> concerned.
> > >
> > > Hmmm ... on closer inspection, though, it might not be that hard.
> > > pgreadlink is already using a fixed-length buffer (with only enough
> > > room for MAX_PATH WCHARs) for the input of WideCharToMultiByte. So
> > > it could use a fixed-length buffer of say 4 * MAX_PATH bytes for the
> > > output, and then transfer just the appropriate amount of data to the
> > > caller's buffer.
> > >
> > Following your directions, maybe something like this will solve?
>
> - DWORD attr;
> - HANDLE h;
>
> Why the patch moves the definitions for "attr" and "h"?
>
Hi Kyotaro, thank you for reviewing this.

I changed the declarations of variables for reasons of standardization and
to avoid fragmentation of memory,
following the same principles of declaration of structures.

>
> + Assert(path != NULL && buf != NULL);
>
> I don't think it's required. Even if we want to imitate readlink,
> they should (maybe) return EFALUT in that case.
>
Yes. It is not a requirement.
But I try to take every chance to prevent bugs.
And always validating the entries, sooner or later, helps to find errors.

>
>
> + buf[r] = '\0';
>
> readlink is defined as not appending a terminator. In the first place
> the "buf[r] = '\0'" is overrunning the given buffer.
>
Ok. I will remove this.

>
>
> - return 0 <= readlink(name, &c, 1);
> + return 0 <= readlink(name, linkpath, sizeof(linkpath));
>
> According to the discussion, we don't want to modify zic.c at
> all. (Maybe forgot to remove?)
>
I haven't forgotten.

I just don't agree to use char, as char pointers.
But I can remove it from the patch too.

regards,
Ranier Vilela