Re: [GENERAL] Security implications of (plpgsql) functions
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Bruce Momjian <pgman@candle.pha.pa.us>
Cc: Marcin Owsiany <marcin@owsiany.pl>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2002-10-21T16:02:42Z
Lists: pgsql-hackers, pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes: > Crash reproduced here. FWIW, I got a regular "out of memory" elog. But I can see that this would depend on the relative sizes of data limit and stack limit on a particular platform. > I think we need to fix this by > either setting a limit in the amount of function recursion, or allowing > only the offending backend to crash without forcing all the other > backends to crash. Unless you can think of a way to distinguish stack overflow from other kinds of SIGSEGV, I don't think we can avoid a system-wide restart. Reducing stack overflow to a plain elog(ERROR) would be really nice, but how? A depth limit for PL-function recursion is perhaps feasible, but I can't say that I care for it a whole lot ... anyone have better ideas? regards, tom lane