Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)
Ranier Vilela <ranier.vf@gmail.com>
From: Ranier Vilela <ranier.vf@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Kyotaro Horiguchi <horikyota.ntt@gmail.com>,
Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2021-02-15T13:58:42Z
Lists: pgsql-hackers
Em dom., 14 de fev. de 2021 às 22:28, Michael Paquier <michael@paquier.xyz> escreveu: > On Sun, Feb 14, 2021 at 11:39:47AM -0300, Ranier Vilela wrote: > > What do you think? > > That's not a good idea for two reasons: > 1) There is CRC32 to worry about, which relies on a different logic. > 2) It would become easier to miss the new option as compilation would > not warn anymore if a new checksum type is added. > > I have reviewed my patch this morning, tweaked a comment, and applied > it. > Thanks for the commit. regards, Ranier Vilela
Commits
-
Add result size as argument of pg_cryptohash_final() for overflow checks
- b83dcf792869 14.0 landed