Home > mailing lists

Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll - Mailing list pgsql-bugs

From	Sudheer H R
Subject	Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Date	June 24, 2021 04:53:37
Msg-id	54573F29-636F-4889-9673-7DE8C6645629@tekenlight.com Whole thread Raw
In response to	Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Thanks a lot

> On 23-Jun-2021, at 11:33 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> 
> I wrote:
>> Hmph.  I can't reproduce this on RHEL8: so far as I can tell, the string
>> is physically null-terminated, and clang's address sanitizer doesn't
>> complain either.  Still, given the vagueness of the spec for
>> gss_display_status, it seems wise to not assume that every GSS
>> implementation acts the same.
> 
> I've committed fixes to make our code rely on the returned length
> field instead.  Hopefully that won't expose any new bugs in other
> GSS implementations :-(
> 
>             regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 24 June 2021, 02:35:10
Subject: Re: BUG #17066: Cache lookup failed when null (iso-8859-1) is passed as anycompatiblemultirange

From: hubert depesz lubaczewski
Date: 24 June 2021, 09:23:34
Subject: Re: BUG #17071: ORDER BY gets ignored when result set has only one row, but another one gets added by rollup()

Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll - Mailing list pgsql-bugs

Previous

Next