contrib/pgbench bugfix - Mailing list pgsql-patches

From ITAGAKI Takahiro
Subject contrib/pgbench bugfix
Msg-id 20060731132134.5649.ITAGAKI.TAKAHIRO@oss.ntt.co.jp
Responses Re: contrib/pgbench bugfix  (Tatsuo Ishii <ishii@sraoss.co.jp>)
List pgsql-patches
I found a buffer overflow bug in contrib/pgbench.
This occurs when -c >= 2.

The type of 'state' is CState*, so we should use state+1 or &state[1],
not state + sizeof(*state)


*** pgbench.c    Mon Jul 31 13:18:45 2006
--- pgbench.fixed.c    Mon Jul 31 13:18:10 2006
*************** main(int argc, char **argv)
*** 1344,1350 ****
              exit(1);
          }

!         memset(state + sizeof(*state), 0, sizeof(*state) * (nclients - 1));

          for (i = 1; i < nclients; i++)
          {
--- 1344,1350 ----
              exit(1);
          }

!         memset(state + 1, 0, sizeof(*state) * (nclients - 1));

          for (i = 1; i < nclients; i++)
          {
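Review bot: the replacement in the new-file half is correct: `state` is a `CState *`, so `state + sizeof(*state)` is pointer arithmetic already scaled by the element size and starts the memset `sizeof(CState)` elements into the array rather than one, which for any nclients >= 2 writes `sizeof(*state) * (nclients - 1)` bytes well past its end; `state + 1` (or `&state[1]`, as the mail suggests) points at the second client as intended. One point to confirm outside the hunk: `nclients - 1` is passed as the element count, so the earlier option parsing must guarantee nclients >= 1, otherwise the negative int is converted to a huge size_t; a one-line comment above the memset saying it zeroes clients 1..nclients-1 (client 0 having been set up already) would make the intent obvious to the next reader.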

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center
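The explanation above (pointer arithmetic on a CState* is scaled by sizeof(CState), so state + sizeof(*state) is not "one element in") as an added, self-contained C example; it is not pgbench code. The CState struct here is a stand-in whose only relevant property is its size, and the helper names memset_overrun_bytes, buggy_start_elem, zero_client_tail and tail_is_zeroed are assumptions made for this illustration. The overrun is computed from element indexes rather than by forming the out-of-range pointer, so the example itself stays well defined.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for pgbench's CState (assumption: only its size matters here;
 * the real struct has more fields). */
typedef struct
{
    int         id;         /* client number */
    int         state;      /* current command index */
    char        buf[56];    /* padding so the struct is not tiny */
} CState;

/*
 * Bytes written past the end of an array of `nclients` CState elements by
 * memset(state + start_elem, 0, sizeof(*state) * (nclients - 1)).
 * The buggy expression state + sizeof(*state) is pointer arithmetic and is
 * scaled by sizeof(CState), so its start_elem is sizeof(CState), not 1.
 * Returns 0 when every written byte lies inside the array.
 */
static size_t
memset_overrun_bytes(size_t start_elem, int nclients)
{
    size_t      count;
    size_t      end_elem;

    if (nclients < 2)
        return 0;               /* length 0: nothing is written at all */
    count = (size_t) (nclients - 1);
    end_elem = start_elem + count;      /* one past the last element touched */
    if (end_elem <= (size_t) nclients)
        return 0;
    return (end_elem - (size_t) nclients) * sizeof(CState);
}

/* Element index the buggy expression really starts at. */
static size_t
buggy_start_elem(void)
{
    return sizeof(CState);      /* what `state + sizeof(*state)` means */
}

/*
 * The fixed form: zero clients 1..nclients-1, leaving client 0 (already set
 * up by the caller) alone. Writes nothing and returns 0 if nclients < 1, so a
 * negative count can never be converted to a huge size_t.
 */
static int
zero_client_tail(CState *state, int nclients)
{
    if (state == NULL || nclients < 1)
        return 0;
    memset(state + 1, 0, sizeof(*state) * (size_t) (nclients - 1));
    return 1;
}

/* 1 if clients 1..nclients-1 are all-zero bytes, 0 otherwise. */
static int
tail_is_zeroed(const CState *state, int nclients)
{
    static const CState zero;   /* static storage: every byte is zero */

    for (int i = 1; i < nclients; i++)
        if (memcmp(&state[i], &zero, sizeof(zero)) != 0)
            return 0;
    return 1;
}

int
main(void)
{
    CState      state[4];
    int         nclients = 4;

    memset(state, 0xAA, sizeof(state));     /* constructed garbage */
    state[0].id = 7;

    printf("buggy start index %zu, overrun %zu bytes\n",
           buggy_start_elem(),
           memset_overrun_bytes(buggy_start_elem(), nclients));
    printf("fixed start index 1, overrun %zu bytes\n",
           memset_overrun_bytes(1, nclients));

    zero_client_tail(state, nclients);
    printf("tail zeroed: %d, client 0 id still %d\n",
           tail_is_zeroed(state, nclients), state[0].id);
    return 0;
}
```

With nclients = 2 the buggy start index is sizeof(CState), so the single zeroed element lands sizeof(CState) - 1 elements beyond the array; the fixed call starts at index 1 and stays in bounds for every nclients >= 1.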
