Home > mailing lists

Re: write past chunk end in ExprContext / to_char - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: write past chunk end in ExprContext / to_char
Date	June 29, 2007 00:25:53
Msg-id	26014.1183076746@sss.pgh.pa.us Whole thread Raw
In response to	Re: write past chunk end in ExprContext / to_char (imad <immaad@gmail.com>)
List	pgsql-hackers

Tree view

imad <immaad@gmail.com> writes:
> This is the problematic part in formatting.c, function "dch_time".
>                 int            siz = strlen(tmtcTzn(tmtc));
>
>                 if (arg == DCH_TZ)
>                     strcpy(inout, tmtcTzn(tmtc));
>                 else
>                 {
>                     char       *p = palloc(siz);
>
>                     strcpy(p, tmtcTzn(tmtc));
>                     strcpy(inout, str_tolower(p));
>                     pfree(p);
>                 }
>                 return siz;

Hmm.  That was not the buffer overrun I was looking at, but it sure
looks like another one :-(.  Thanks for spotting it!
        regards, tom lane

pgsql-hackers by date:

From: Tom Lane
Date: 29 June 2007, 00:23:48
Subject: Re: SetBufferCommitInfoNeedsSave and race conditions

From: ITAGAKI Takahiro
Date: 29 June 2007, 00:29:08
Subject: Re: lazy vacuum sleeps with exclusive lock on table

Re: write past chunk end in ExprContext / to_char - Mailing list pgsql-hackers

Previous

Next