Re: Minor binary-search int overflow in timezone code
| От | Christoph Berg |
|---|---|
| Тема | Re: Minor binary-search int overflow in timezone code |
| Дата | |
| Msg-id | 20141218171300.GC21098@msg.df7cb.de обсуждение исходный текст |
| Ответ на | Re: Minor binary-search int overflow in timezone code (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
Re: Tom Lane 2014-12-16 <14615.1418694505@sss.pgh.pa.us> > Jim Nasby <Jim.Nasby@BlueTreble.com> writes: > > On 12/15/14, 1:39 PM, Christoph Berg wrote: > >> Well, if it's not interesting, let's just forget it. Sorry. > > > At the risk of sticking my head in the lions mouth... this is the kind of response that deters people from contributinganything to the project, including reviewing patches. A simple "thanks, but we feel it's already clear enoughthat there can't be anywhere close to INT_MAX timezones" would have sufficed. > > Yeah, I need to apologize. I was a bit on edge today due to the release > wrap (which you may have noticed wasn't going too smoothly), and should > not have responded like that. Hi, maybe I should apologize as well for submitting this right at the time of the release... > I also remain curious as to what sort of tool would complain about this > particular code and not the N other nearly-identical binary-search loops > in the PG sources, most of which deal with data structures potentially > far larger than the timezone data ... He said he found it in manual code review, not using a tool. But anyway, I do agree this is a very minor issue and there's much more interesting things to spend time on. I promise to send in more severe security issues next time :) Christoph -- cb@df7cb.de | http://www.df7cb.de/
В списке pgsql-hackers по дате отправления: