Re: chkpass with RANDOMIZE_ALLOCATED_MEMORY
From | Amit Kapila |
---|---|
Subject | Re: chkpass with RANDOMIZE_ALLOCATED_MEMORY |
Date | |
Msg-id | CAA4eK1+vwo5-vJy9k1p08LSzMmzgYFjKjp3tir8zG0UyECS83A@mail.gmail.com |
In reply to | Re: chkpass with RANDOMIZE_ALLOCATED_MEMORY (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: chkpass with RANDOMIZE_ALLOCATED_MEMORY |
List | pgsql-hackers |
On Sat, Feb 14, 2015 at 10:26 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Asif Naeem <anaeem.it@gmail.com> writes:
> > It has been observed on a RANDOMIZE_ALLOCATED_MEMORY enabled PG95 build that
> > chkpass is failing because of uninitialized memory and seems to be showing a false
> > alarm.
>
> It's not a false alarm, unfortunately, because chkpass_in actually does
> give different results from one call to the next. We could fix the aspect
> of that involving failing to zero out unused bytes (which it appears was
> introduced by sloppy replacement of strncpy with strlcpy). But we can't
> really do anything about the dependency on random(), because that's part
> of the fundamental specification of the data type. It was a bad idea,
> no doubt, to design the input function to do this; but we're stuck with
> it now.
>
It seems to me that the fix for this issue has already been committed
(commit-id: 80986e85). So isn't it better to mark it as Committed in the
CF app [1], or are you expecting anything more related to this issue?
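
The zero-padding difference described in the quoted reply, as an added example that is not part of the original message or of PostgreSQL's code: `strncpy` NUL-fills the rest of a fixed-width field, while a copy with `strlcpy` semantics leaves the tail as whatever the allocator handed out. The names `fixed_value`, `lcpy`, `make_value`, `images_match` and the 16-byte field size are assumptions, and the garbage fill stands in for what a RANDOMIZE_ALLOCATED_MEMORY build does to fresh memory.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16    /* assumed size of the fixed-width field */

typedef struct { char password[FIELD_LEN]; } fixed_value;   /* hypothetical type */

/* Local stand-in with strlcpy semantics: copy, NUL-terminate, no padding. */
static size_t lcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = (len >= size) ? size - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Build a value in memory pre-filled with `garbage` (constructed input),
 * the way a randomizing allocator would hand it out. */
static fixed_value make_value(const char *text, unsigned char garbage, int use_strncpy)
{
    fixed_value v;
    memset(&v, garbage, sizeof(v));
    if (use_strncpy) {
        strncpy(v.password, text, FIELD_LEN - 1);   /* pads the remainder with NULs */
        v.password[FIELD_LEN - 1] = '\0';
    } else {
        lcpy(v.password, text, FIELD_LEN);          /* tail bytes stay as garbage */
    }
    return v;
}

/* Returns 1 if two values built from the same text are byte-for-byte identical. */
static int images_match(const char *text, int use_strncpy)
{
    fixed_value a = make_value(text, 0xAA, use_strncpy);
    fixed_value b = make_value(text, 0x55, use_strncpy);
    return memcmp(&a, &b, sizeof(a)) == 0;
}

int main(void)
{
    printf("strncpy images match:       %d\n", images_match("abc", 1));
    printf("strlcpy-style images match: %d\n", images_match("abc", 0));
    return 0;
}
```

Both variants produce the same C string, so the difference only surfaces when the whole field is compared or stored as raw bytes.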