Home > mailing lists

Re: glibc qsort() vulnerability - Mailing list pgsql-hackers

From	Nathan Bossart
Subject	Re: glibc qsort() vulnerability
Date	February 8 21:38:35
Msg-id	20240208183835.GA503311@nathanxps13 Whole thread Raw
In response to	Re: glibc qsort() vulnerability (Mats Kindahl <mats@timescale.com>)
Responses	Re: glibc qsort() vulnerability
List	pgsql-hackers

Tree view

On Thu, Feb 08, 2024 at 02:16:11PM +0100, Mats Kindahl wrote:
> +/*
> + * Compare two integers and return -1, 0, or 1 without risking overflow.
> + *
> + * This macro is used to avoid running into overflow issues because a simple
> + * subtraction of the two values when implementing a cmp function for qsort().
> +*/
> +#define INT_CMP(lhs,rhs) (((lhs) > (rhs)) - ((lhs) < (rhs)))

I think we should offer a few different macros, i.e., separate macros for
int8, uint8, int16, uint16, int32, etc.  For int16, we can do something
faster like

    (int32) (lhs) - (int32) (rhs)

but for int32, we need to do someting more like what's in the patch.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

pgsql-hackers by date:

From: John Morris
Date: 08 February, 21:30:01
Subject: Re: Where can I find the doxyfile?

From: Tom Lane
Date: 08 February, 21:44:02
Subject: Re: glibc qsort() vulnerability

Re: glibc qsort() vulnerability - Mailing list pgsql-hackers

Previous

Next