Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in

Tom Lane wrote:
> 
> Justin Clift <justin@postgresql.org> writes:
> > From the info still around, this looks to mean that the cash_words()
> > problem was fixed, but the cash_out() problem was harder to fix.
> 
> > Tom/Bruce, is that correct?
> 
> The cash_out problem can't really be fixed until we do something about
> subdividing type "opaque" into multiple pseudo-types with more carefully
> defined meanings.  cash_out is declared cash_out(opaque) which does not
> really mean that it accepts any input type ... but one of the several
> meanings of "opaque" is "accepts any type", so the parser doesn't reject
> cash_out(2).
> 
> I'd like to see something done about this fairly soon, but it's not
> happening for 7.3 ...

Hang on, you seem to be suggesting we release a major new upgrade, with
major new functionality, knowing it contains a way to trivially crash
the backend.

Err.. hang on.  What happened to our reputation for quality and
releasing "when it's ready"?

Since when were we Microsoft-ized?

;-)

Regards and best wishes,

Justin Clift
>                         regards, tom lane

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."  - Indira Gandhi