Thread: contrib/pgbench bugfix
I found a buffer overflow bug in contrib/pgbench.
This occurs when -c >= 2.

The type of 'state' is CState*, so we should use state+1 or &state[1],
not state + sizeof(*state)

*** pgbench.c	Mon Jul 31 13:18:45 2006
--- pgbench.fixed.c	Mon Jul 31 13:18:10 2006
*************** main(int argc, char **argv)
*** 1344,1350 ****
  		exit(1);
  	}
  
! 	memset(state + sizeof(*state), 0, sizeof(*state) * (nclients - 1));
  
  	for (i = 1; i < nclients; i++)
  	{
--- 1344,1350 ----
  		exit(1);
  	}
  
! 	memset(state + 1, 0, sizeof(*state) * (nclients - 1));
  
  	for (i = 1; i < nclients; i++)
  	{

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center
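Review bot: the corrected line `memset(state + 1, 0, sizeof(*state) * (nclients - 1));` is right, and the old one was a real out-of-bounds write: `state` is a `CState *`, so pointer arithmetic is already scaled by `sizeof(*state)`, and `state + sizeof(*state)` skipped `sizeof(CState)` elements rather than one before clearing `sizeof(*state) * (nclients - 1)` bytes from there, all of it past the end of the array whenever `nclients >= 2` (for `-c 1` the length is zero, which is why it only shows up with two or more clients). Two small follow-ups for the committer: `&state[1]`, which the report itself offers, states the intent a little more plainly than `state + 1`, and if the allocation that precedes this hunk can be switched to `calloc`, the separate clearing of the tail becomes unnecessary and this class of arithmetic slip has nowhere to occur.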
Good catch! Thanks. I have committed your fix.
--
Tatsuo Ishii
SRA OSS, Inc. Japan

> I found a buffer overflow bug in contrib/pgbench.
> This occurs when -c >= 2.
>
> The type of 'state' is CState*, so we should use state+1 or &state[1],
> not state + sizeof(*state)
>
> *** pgbench.c	Mon Jul 31 13:18:45 2006
> --- pgbench.fixed.c	Mon Jul 31 13:18:10 2006
> *************** main(int argc, char **argv)
> *** 1344,1350 ****
>   		exit(1);
>   	}
>   
> ! 	memset(state + sizeof(*state), 0, sizeof(*state) * (nclients - 1));
>   
>   	for (i = 1; i < nclients; i++)
>   	{
> --- 1344,1350 ----
>   		exit(1);
>   	}
>   
> ! 	memset(state + 1, 0, sizeof(*state) * (nclients - 1));
>   
>   	for (i = 1; i < nclients; i++)
>   	{
>
> Regards,
> ---
> ITAGAKI Takahiro
> NTT Open Source Software Center
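As an added illustration of the pointer-arithmetic mistake discussed in this thread (this is not code from the thread or from pgbench itself), the following C program makes the overrun measurable without performing it. `CState` is a hypothetical stand-in struct; only its size matters. `overrun_bytes` computes how far a memset of `nclients - 1` elements, starting a given number of elements into an array of `nclients` elements, would write past the end of that array, so `buggy_overrun` and `fixed_overrun` compare the two expressions from the patch. `alloc_clients` shows the corrected form clearing exactly the elements after the first, and `check_clients` verifies it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for pgbench's CState (assumption: the real struct
 * differs; only the element size matters for the arithmetic below). */
typedef struct {
    int  id;
    int  state;
    char buf[56];
} CState;

/* Bytes that a memset of (nclients - 1) elements, starting start_elem
 * elements into an array of nclients elements, would write past the end
 * of that array. Zero means the write stays inside the allocation. */
size_t overrun_bytes(size_t elem_size, size_t start_elem, size_t nclients)
{
    if (nclients == 0)
        return 0;
    size_t alloc_bytes = elem_size * nclients;
    size_t len_bytes   = elem_size * (nclients - 1);   /* length handed to memset */
    if (len_bytes == 0)
        return 0;                                       /* -c 1: zero-length memset, no write */
    size_t end_bytes = elem_size * start_elem + len_bytes;
    return end_bytes > alloc_bytes ? end_bytes - alloc_bytes : 0;
}

/* Buggy form from the report: state + sizeof(*state) advances by
 * sizeof(CState) elements, because pointer arithmetic is already scaled. */
size_t buggy_overrun(size_t nclients)
{
    return overrun_bytes(sizeof(CState), sizeof(CState), nclients);
}

/* Committed fix: state + 1 advances by exactly one element. */
size_t fixed_overrun(size_t nclients)
{
    return overrun_bytes(sizeof(CState), 1, nclients);
}

/* Allocate nclients states, fill element 0 as a caller would, and clear
 * every element after it with the corrected expression. */
CState *alloc_clients(size_t nclients)
{
    if (nclients == 0)
        return NULL;
    CState *state = malloc(sizeof(*state) * nclients);
    if (state == NULL)
        return NULL;
    state[0].id = 1;
    state[0].state = 0;
    memset(state[0].buf, 'x', sizeof(state[0].buf));
    if (nclients > 1)
        memset(state + 1, 0, sizeof(*state) * (nclients - 1)); /* was: state + sizeof(*state) */
    return state;
}

/* 1 if every byte of elements 1..nclients-1 is zero, 0 otherwise. */
int tail_is_zeroed(const CState *state, size_t nclients)
{
    for (size_t i = 1; i < nclients; i++) {
        const unsigned char *p = (const unsigned char *)&state[i];
        for (size_t b = 0; b < sizeof(*state); b++)
            if (p[b] != 0)
                return 0;
    }
    return 1;
}

/* Allocate, confirm element 0 is intact and the tail is cleared, free.
 * Returns 1 on success, 0 otherwise. */
int check_clients(size_t nclients)
{
    CState *state = alloc_clients(nclients);
    if (state == NULL)
        return 0;
    int ok = (state[0].id == 1 && state[0].buf[0] == 'x' &&
              tail_is_zeroed(state, nclients));
    free(state);
    return ok;
}

int main(void)
{
    for (size_t n = 1; n <= 4; n++)
        printf("-c %zu: buggy form overruns by %zu bytes, fixed form by %zu\n",
               n, buggy_overrun(n), fixed_overrun(n));
    return check_clients(4) ? 0 : 1;
}
```

Note that the overrun of the buggy form is `sizeof(CState) * (sizeof(CState) - 1)` bytes regardless of the client count: the start of the write is already outside the array, so a larger `-c` moves the write further out rather than bringing it back in bounds.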