Re: Is MinMaxExpr really leakproof? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Is MinMaxExpr really leakproof?
Date
Msg-id 17807.1546279688@sss.pgh.pa.us
Whole thread Raw
In response to Re: Is MinMaxExpr really leakproof?  (Isaac Morland <isaac.morland@gmail.com>)
List pgsql-hackers
Isaac Morland <isaac.morland@gmail.com> writes:
> On Mon, 31 Dec 2018 at 12:26, Noah Misch <noah@leadboat.com> wrote:
>> bttextcmp() and other varstr_cmp() callers fall afoul of the same
>> restriction with their "could not convert string to UTF-16" errors

> I'm confused. What characters cannot be represented in UTF-16?

What's actually being reported there is failure of Windows'
MultiByteToWideChar function.  Probable causes could include
invalid data (not valid UTF8), or conditions such as out-of-memory
which might have nothing at all to do with the input.

There are similar, equally nonspecific, error messages in the
non-Windows code path.

In principle, an attacker might be able to find out the existence
of extremely long strings in a column by noting out-of-memory
failures in this code, but that doesn't seem like a particularly
interesting information leak ...

            regards, tom lane


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Is MinMaxExpr really leakproof?
Next
From: Andrew Gierth
Date:
Subject: Re: Is MinMaxExpr really leakproof?