Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Buffer overflow in psql
- From: "John D. Burger" <john(at)mitre(dot)org>
- To: pgsql-general(at)postgresql(dot)org
- Subject: Re: Buffer overflow in psql
- Date: Mon, 27 Nov 2006 10:24:08 -0500
- Message-id: <45E917CE-ABCD-46A8-9707-F1CBCEC6305C(at)mitre(dot)org>
Tom Lane wrote:
Um, is that really considered a fix??? We all know that there's no guarantee at all, even in ANSI C, that unsigned int isn't bigger than 32 bits, right?OID is 32 bits. Full stop.
I should know better than to argue about this, but:In that case, casting it as in the OP's code sample seems problematic in the other direction:
sprintf(buf, "%u", (unsigned int)PQoidValue(results));since unsigned int could be as small as 16 bits, thus truncating the OID value.
Ok, I'll stop now, I promise. - John D. Burger MITRE
- References:
- Buffer overflow in psql
- From: Jack Orenstein
- Re: Buffer overflow in psql
- From: Tom Lane
- Re: Buffer overflow in psql
- From: Jack Orenstein
- Re: Buffer overflow in psql
- From: Tom Lane
- Re: Buffer overflow in psql
- From: John D. Burger
- Re: Buffer overflow in psql
- From: Tom Lane
- Buffer overflow in psql
- Prev by Date: Re: kerberos authentication error with Windows 2003 SP1 AD
- Next by Date: Re: PGDATA
- Previous by thread: Re: Buffer overflow in psql
- Next by thread: Grant group revoke user isue
- Indexes: