Good catch!
Thanks. I have committed your fix.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
> I found a buffer overflow bug in contrib/pgbench.
> This occurs when -c >= 2.
>
> The type of 'state' is CState*, so we should use state+1 or &state[1],
> not state + sizeof(*state)
>
>
> *** pgbench.c Mon Jul 31 13:18:45 2006
> --- pgbench.fixed.c Mon Jul 31 13:18:10 2006
> *************** main(int argc, char **argv)
> *** 1344,1350 ****
> exit(1);
> }
>
> ! memset(state + sizeof(*state), 0, sizeof(*state) * (nclients - 1));
>
> for (i = 1; i < nclients; i++)
> {
> --- 1344,1350 ----
> exit(1);
> }
>
> ! memset(state + 1, 0, sizeof(*state) * (nclients - 1));
>
> for (i = 1; i < nclients; i++)
> {
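Review bot: the `!` line's change from `state + sizeof(*state)` to `state + 1` is the right fix, and the byte count can be checked against the hunk itself: pointer arithmetic on a `CState *` already scales by `sizeof(CState)`, so the old expression started the zeroing `sizeof(CState)` elements into the array instead of one, and the following `sizeof(*state) * (nclients - 1)` bytes then ran past the `nclients` elements that the `for (i = 1; i < nclients; i++)` loop below walks (with `nclients == 1` the length is zero, which is why `-c 1` was unaffected). With `state + 1` the start offset plus the byte count is exactly `sizeof(*state) * nclients`, i.e. elements 1..nclients-1 and nothing more; `&state[1]`, as the report text suggests, would make that element-indexing intent even more visible next to the loop.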
>
> Regards,
> ---
> ITAGAKI Takahiro
> NTT Open Source Software Center
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>
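As an added illustration of the pointer-arithmetic point in the report (example code written for this page, not taken from pgbench; the CState layout is a stand-in whose only relevant property is its size), the following computes how far each form of the memset reaches past an nclients-element client array, showing that the buggy form is inert at -c 1 and overruns by a constant sizeof(CState) * (sizeof(CState) - 1) bytes for every larger client count, and checks the calloc alternative that needs no follow-up memset at all:

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for pgbench's CState (assumption: only its size matters here). */
typedef struct {
    int  id;
    int  state;
    char sql[56];
} CState;

/* Bytes written past an nclients-element CState array by
 * memset(state + start_idx, 0, sizeof(*state) * (nclients - 1)).
 * No out-of-bounds pointer is ever formed; offsets are computed in bytes. */
size_t bytes_past_end(size_t start_idx, int nclients)
{
    if (nclients < 2)               /* nclients == 1 gives length 0: no write */
        return 0;
    size_t len = sizeof(CState) * (size_t)(nclients - 1);
    size_t end = start_idx * sizeof(CState) + len;
    size_t arr = sizeof(CState) * (size_t)nclients;
    return end <= arr ? 0 : end - arr;
}

/* Buggy form: state + sizeof(*state) skips sizeof(CState) *elements*,
 * because pointer arithmetic already scales by the element size. */
size_t buggy_overflow(int nclients) { return bytes_past_end(sizeof(CState), nclients); }

/* Fixed form: state + 1, identical to &state[1]. */
size_t fixed_overflow(int nclients) { return bytes_past_end(1, nclients); }

/* Alternative that needs no follow-up memset: calloc zeroes every element,
 * so only state[0] would still need its explicit initialization.
 * Returns 1 if every element of the fresh array is zero. */
int calloc_clients_zeroed(int nclients)
{
    CState *state = calloc((size_t)nclients, sizeof(CState));
    if (state == NULL)
        return 0;
    int ok = 1;
    for (int i = 0; i < nclients; i++)
        ok = ok && state[i].id == 0 && state[i].state == 0 && state[i].sql[0] == 0;
    free(state);
    return ok;
}

int main(void)
{
    for (int n = 1; n <= 3; n++)
        printf("-c %d: buggy overruns by %zu bytes, fixed by %zu\n",
               n, buggy_overflow(n), fixed_overflow(n));
    return 0;
}
```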