Re: [HACKERS] Code quality issues in ICU patch
| От | Noah Misch |
|---|---|
| Тема | Re: [HACKERS] Code quality issues in ICU patch |
| Дата | |
| Msg-id | 20170630034547.GC2045345@rfd.leadboat.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Code quality issues in ICU patch (Noah Misch <noah@leadboat.com>) |
| Список | pgsql-hackers |
On Sun, Jun 25, 2017 at 09:28:51PM -0700, Noah Misch wrote: > On Sat, Jun 24, 2017 at 10:03:25AM -0400, Peter Eisentraut wrote: > > On 6/23/17 12:31, Tom Lane wrote: > > > icu_to_uchar() and icu_from_uchar(), and perhaps other places, are > > > touchingly naive about integer overflow hazards in buffer size > > > calculations. I call particular attention to this bit in > > > icu_from_uchar(): > > > > > > len_result = UCNV_GET_MAX_BYTES_FOR_STRING(len_uchar, ucnv_getMaxCharSize(icu_converter)); > > > > > > The ICU man pages say that that macro is defined as > > > > > > #define UCNV_GET_MAX_BYTES_FOR_STRING(length, maxCharSize) (((int32_t)(length)+10)*(int32_t)(maxCharSize)) > > > > > > which means that getting this to overflow (resulting in > > > probably-exploitable memory overruns) would be about as hard as taking > > > candy from a baby. > > > > Here is a patch that should address this. > > [Action required within three days. This is a generic notification.] > > The above-described topic is currently a PostgreSQL 10 open item. Peter, > since you committed the patch believed to have created it, you own this open > item. If some other commit is more relevant or if this does not belong as a > v10 open item, please let us know. Otherwise, please observe the policy on > open item ownership[1] and send a status update within three calendar days of > this message. Include a date for your subsequent status update. Testers may > discover new open items at any time, and I want to plan to get them all fixed > well in advance of shipping v10. Consequently, I will appreciate your efforts > toward speedy resolution. Thanks. > > [1] https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com This PostgreSQL 10 open item is past due for your status update. Kindly send a status update within 24 hours, and include a date for your subsequent status update. Refer to the policy on open item ownership: https://www.postgresql.org/message-id/20170404140717.GA2675809%40tornado.leadboat.com
В списке pgsql-hackers по дате отправления: