On Thu, Mar 14, 2024 at 10:56:46AM +0100, Daniel Gustafsson wrote:
> + /* don't allow destroys of read-only StringInfos */
> + Assert(str->maxlen != 0);
> Considering that StringInfo.c don't own the memory here I think it's warranted
> to turn this assert into an elog() to avoid the risk of use-after-free bugs.
Hmm. I am not sure how much protection this would offer, TBH. One
thing that I find annoying with common/stringinfo.c as it is currently
is that we have two exit() calls in the enlarge path, and it does not
seem wise to me to spread that even more.
My last argument sounds like a nit for HEAD knowing that this does not
impact libpq that has its own pqexpbuffer.c to avoid issues with
palloc, elog and exit, but that could be a problem if OAuth relies
more on these code paths in libpq.
--
Michael