mirror of
https://github.com/postgres/postgres.git
synced 2026-02-25 10:50:50 -05:00
2e3bd06654
All known standard library implementations of these functions can fail with ENOMEM. A caller neglecting to check for failure would experience missing output, information exposure, or a crash. Check return values within wrappers and code, currently just snprintf.c, that bypasses the wrappers. The wrappers do not return after an error, so their callers need not check. Back-patch to 9.0 (all supported versions). Popular free software standard library implementations do take pains to bypass malloc() in simple cases, but they risk ENOMEM for floating point numbers, positional arguments, large field widths, and large precisions. No specification demands such caution, so this commit regards every call to a printf family function as a potential threat. Injecting the wrappers implicitly is a compromise between patch scope and design goals. I would prefer to edit each call site to name a wrapper explicitly. libpq and the ECPG libraries would, ideally, convey errors to the caller rather than abort(). All that would be painfully invasive for a back-patched security fix, hence this compromise. Security: CVE-2015-3166 |
||
|---|---|---|
| .. | ||
| editors | ||
| entab | ||
| findoidjoins | ||
| ifaddrs | ||
| make_diff | ||
| msvc | ||
| pginclude | ||
| pgindent | ||
| ccsym | ||
| check_bison_recursion.pl | ||
| codelines | ||
| copyright.pl | ||
| FAQ2txt | ||
| find_badmacros | ||
| find_static | ||
| find_typedef | ||
| git-external-diff | ||
| git_changelog | ||
| make_ctags | ||
| make_etags | ||
| make_mkid | ||
| pgtest | ||
| RELEASE_CHANGES | ||
| valgrind.supp | ||
| version_stamp.pl | ||
| win32tzlist.pl | ||