Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)

Ranier Vilela <ranier.vf@gmail.com>

From: Ranier Vilela <ranier.vf@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Kyotaro Horiguchi <horikyota.ntt@gmail.com>, Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2021-02-15T13:58:42Z
Lists: pgsql-hackers
Em dom., 14 de fev. de 2021 às 22:28, Michael Paquier <michael@paquier.xyz>
escreveu:

> On Sun, Feb 14, 2021 at 11:39:47AM -0300, Ranier Vilela wrote:
> > What do you think?
>
> That's not a good idea for two reasons:
> 1) There is CRC32 to worry about, which relies on a different logic.
> 2) It would become easier to miss the new option as compilation would
> not warn anymore if a new checksum type is added.
>
> I have reviewed my patch this morning, tweaked a comment, and applied
> it.
>
Thanks for the commit.

regards,
Ranier Vilela

Commits

  1. Add result size as argument of pg_cryptohash_final() for overflow checks