Re: glibc qsort() vulnerability
Andres Freund <andres@anarazel.de>
From: Andres Freund <andres@anarazel.de>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Mats Kindahl <mats@timescale.com>, Tom Lane <tgl@sss.pgh.pa.us>, Thomas Munro <thomas.munro@gmail.com>, Heikki Linnakangas <hlinnaka@iki.fi>, pgsql-hackers@lists.postgresql.org
Date: 2024-02-12T21:31:30Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Use new overflow-safe integer comparison functions.
- 3b42bdb47169 17.0 landed
-
Introduce overflow-safe integer comparison functions.
- 6b80394781c8 17.0 landed
-
Replace calls to pg_qsort() with the qsort() macro.
- 5497daf3aa2a 17.0 landed
-
Switch over to using our own qsort() all the time, as has been proposed
- 6edd2b4a91bd 8.2.0 cited
Hi, On 2024-02-12 14:51:38 -0600, Nathan Bossart wrote: > On Mon, Feb 12, 2024 at 06:09:06PM +0100, Mats Kindahl wrote: > > Here are the two fixed patches. > > These patches look pretty good to me. Barring additional feedback, I'll > plan on committing them in the next few days. One thing that's worth checking is if this ends up with *worse* code when the comparators are inlined. I think none of the changed comparators will end up getting used with an inlined sort, but ... The reason we could end up with worse code is that when inlining the comparisons would make less sense for the compiler. Consider e.g. return DO_COMPARE(a, b) < 0 ? (DO_COMPARE(b, c) < 0 ? b : (DO_COMPARE(a, c) < 0 ? c : a)) : (DO_COMPARE(b, c) > 0 ? b : (DO_COMPARE(a, c) < 0 ? a : c)); With a naive implementation the compiler will understand it only cares about a < b, not about the other possibilities. I'm not sure that's still true with the more complicated optimized version. Greetings, Andres Freund