Re: pg_cryptohash_final possible out-of-bounds access (per Coverity)
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Ranier Vilela <ranier.vf@gmail.com>
Cc: Kyotaro Horiguchi <horikyota.ntt@gmail.com>, Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2021-02-15T01:28:19Z
Lists: pgsql-hackers
On Sun, Feb 14, 2021 at 11:39:47AM -0300, Ranier Vilela wrote: > What do you think? That's not a good idea for two reasons: 1) There is CRC32 to worry about, which relies on a different logic. 2) It would become easier to miss the new option as compilation would not warn anymore if a new checksum type is added. I have reviewed my patch this morning, tweaked a comment, and applied it. -- Michael
Commits
-
Add result size as argument of pg_cryptohash_final() for overflow checks
- b83dcf792869 14.0 landed