Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Дата
Msg-id 2338837.1624471430@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Список pgsql-bugs
Дерево обсуждения 
I wrote:
> Hmph.  I can't reproduce this on RHEL8: so far as I can tell, the string
> is physically null-terminated, and clang's address sanitizer doesn't
> complain either.  Still, given the vagueness of the spec for
> gss_display_status, it seems wise to not assume that every GSS
> implementation acts the same.

I've committed fixes to make our code rely on the returned length
field instead.  Hopefully that won't expose any new bugs in other
GSS implementations :-(

            regards, tom lane

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #17071: ORDER BY gets ignored when result set has only one row, but another one gets added by rollup()