BUG #5101: Off-by-one error in bitncmp() in src/backend/utils/adt/network.c
| От | Chris Mikkelson |
|---|---|
| Тема | BUG #5101: Off-by-one error in bitncmp() in src/backend/utils/adt/network.c |
| Дата | |
| Msg-id | 200910071747.n97HlsvM098115@wwwmaster.postgresql.org обсуждение |
| Ответы |
Re: BUG #5101: Off-by-one error in bitncmp() in src/backend/utils/adt/network.c
|
| Список | pgsql-bugs |
The following bug has been logged online:
Bug reference: 5101
Logged by: Chris Mikkelson
Email address: cmikk@qwest.net
PostgreSQL version: 8.4.1(+earlier)
Operating system: all
Description: Off-by-one error in bitncmp() in
src/backend/utils/adt/network.c
Details:
When comparing a number of bits divisible by 8, bitncmp() may dereference a
pointer one byte out
of bounds.
The following patch against 8.4.1 incorporates the fix made to bitncmp() in
the BIND source tree:
*** src/backend/utils/adt/network.c.orig 2009-10-07
12:32:13.000000000 -0500
--- src/backend/utils/adt/network.c 2009-10-07 12:32:45.000000000 -0500
*************** bitncmp(void *l, void *r, int n)
*** 972,979 ****
b = n / 8;
x = memcmp(l, r, b);
! if (x)
! return x;
lb = ((const u_char *) l)[b];
rb = ((const u_char *) r)[b];
--- 972,979 ----
b = n / 8;
x = memcmp(l, r, b);
! if (x || (n % 8) == 0)
! return (x);
lb = ((const u_char *) l)[b];
rb = ((const u_char *) r)[b];
В списке pgsql-bugs по дате отправления: