Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in
From | Justin Clift |
---|---|
Subject | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
Date | |
Msg-id | 3D617782.AD2AB813@postgresql.org |
In reply to | @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (fwd) (Vince Vielhaber <vev@michvhf.com>) |
Replies | Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in |
List | pgsql-hackers |

Vince,

Do you reckon it's worth you responding to "Sir Mordred" and pointing out that he overstated the vulnerability?

:-)

Regards and best wishes,

Justin Clift

Tom Lane wrote:
>
> Justin Clift <justin@postgresql.org> writes:
> > Glad he made the advisory for something there's a fix for. :)
>
> The claim that this bug allows execution of arbitrary code is bogus anyway.
> The overflow at INT_MIN will clobber the stack, yes, but in an absolutely
> predetermined way; an attacker will have no opportunity to insert code
> of his choosing.
>
> regards, tom lane

--
"My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi