List: pgsql-bugs
Subject: Re: Insufficient memory access checks in pglz_decompress
From: Flavien GUEDEZ <flav.pg () oopacity ! net>
Date: 2023-10-19 7:05:17
Message-ID: 1c198c85-92c5-4b2f-bcfb-05376d89ba09 () oopacity ! net
On 19/10/2023 at 02:48, Tom Lane wrote:
> I thought of another thing we should change: it's better to perform
> the test as "off > (dp - dest)" than the way you formulated it.
> "dp - dest" is certainly computable, since it's the number of bytes
> we've written to the output buffer so far. But "dp - off" could,
> with bad luck and a buffer near the start of memory, wrap around
> to look like it's after "dest".
>
> Pushed with that change and a little fiddling with the comment.
> Thanks for the report!
>
> regards, tom lane
Thank you for the details!
Best,
Flavien
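
The difference between the two formulations of the test discussed in the quoted reply, as an added example (not code from this thread or from PostgreSQL). Addresses are modelled as `uintptr_t` so the wraparound is well defined; `naive_offset_ok`, `safe_offset_ok`, `copy_match` and all sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First formulation: form the match source address, then compare it to dest.
 * Addresses are modelled as uintptr_t so the wraparound is well defined;
 * with real pointers, computing an address below the buffer is undefined. */
int naive_offset_ok(uintptr_t dest, uintptr_t dp, uintptr_t off)
{
    return (dp - off) >= dest;      /* dp - off can wrap past zero */
}

/* Reformulated test: compare off with the bytes written so far (dp - dest). */
int safe_offset_ok(uintptr_t dest, uintptr_t dp, uintptr_t off)
{
    return off <= (dp - dest);      /* dp >= dest always, so no wrap */
}

/* Hypothetical helper: copy len bytes from off bytes back in the output.
 * Returns 0 on success, -1 if the back-reference or length is out of bounds. */
int copy_match(unsigned char *dest, unsigned char **dpp,
               unsigned char *destend, size_t off, size_t len)
{
    unsigned char *dp = *dpp;

    if (off == 0 || off > (size_t) (dp - dest))
        return -1;                  /* would read before the output buffer */
    if (len > (size_t) (destend - dp))
        return -1;                  /* would write past the output buffer */
    for (; len > 0; len--, dp++)
        *dp = *(dp - off);          /* byte-wise, source may overlap the output */
    *dpp = dp;
    return 0;
}

int main(void)
{
    /* Constructed values: output buffer at 0x10, 8 bytes written, off = 0x100. */
    uintptr_t dest = 0x10, dp = 0x18, off = 0x100;
    unsigned char buf[16] = "abcd", *p = buf + 4;
    int ok = copy_match(buf, &p, buf + 16, 4, 8);    /* valid back-reference */
    int bad = copy_match(buf, &p, buf + 16, 13, 1);  /* off exceeds bytes written */

    printf("naive accepts: %d, safe accepts: %d\n",
           naive_offset_ok(dest, dp, off), safe_offset_ok(dest, dp, off));
    printf("in-range copy: %d, out-of-range offset: %d\n", ok, bad);
    return 0;
}
```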