Home > mailing lists

Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Date	June 23, 2021 19:02:40
Msg-id	2249065.1624464160@sss.pgh.pa.us Whole thread Raw
In response to	Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll (Sudheer H R <sudheer.hr@tekenlight.com>)
Responses	Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Sudheer H R <sudheer.hr@tekenlight.com> writes:
> Built with —with-gssapi and the problem occurs again.

Hmph.  I can't reproduce this on RHEL8: so far as I can tell, the string
is physically null-terminated, and clang's address sanitizer doesn't
complain either.  Still, given the vagueness of the spec for
gss_display_status, it seems wise to not assume that every GSS
implementation acts the same.

            regards, tom lane

pgsql-bugs by date:

From: Alexander Korotkov
Date: 23 June 2021, 18:31:05
Subject: Re: BUG #17066: Cache lookup failed when null (iso-8859-1) is passed as anycompatiblemultirange

From: Tom Lane
Date: 23 June 2021, 21:03:50
Subject: Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll

Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll - Mailing list pgsql-bugs

Previous

Next