hawq-dev mailing list archives

From Paul Guo <paul...@gmail.com>
Subject Re: Thinking of how to fix HAWQ-1381
Date Wed, 08 Mar 2017 03:00:45 GMT
Interesting. Unsafe functions like sprintf should really be avoided
unless some strong limitation is set in fmt. Maybe you could enlarge the
array length and use snprintf, but it risks truncating and you need to
append a NULL byte to the string if needed, or you allocate the size needed.

2017-03-08 10:29 GMT+08:00 Ma Hongxu <interma@outlook.com>:

> Hi all
> I found a hawq core dump issue: https://issues.apache.org/jira/browse/HAWQ-1381
>
> Briefly:
> buffer overflow here: src/backend/access/external/fileam.c:2610
> sprintf(extvar->GP_SEGMENT_ID, "%d", GetQEIndex());
>
> GetQEIndex() returns -10000 on master and GP_SEGMENT_ID is char[6], no more
> space for '\0', so it happened.
>
> There are two ways to fix it:
>
>   1.  enlarge GP_SEGMENT_ID buffer, from char[6] to char[7]
>   2.  return other short integer instead of -10000 on master
>
> I think 1 is more straight, but have some risks (some callers assume the
> buffer size).
> And 2 also seems it's a magic number, may influence many places.
>
> Any suggestions? Thanks!
>
>
> --
> Regards,
> Hongxu.
>
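
An added example, not code from the HAWQ tree or from either poster: it measures how many bytes "%d" needs for the master value -10000 against the char[6] field from the thread, then formats with a bounded call that reports truncation instead of overflowing. The helper names and the INT_DECIMAL_BUFSZ macro are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* From the thread: the field was char[6] and GetQEIndex() returns -10000 on master. */
#define OLD_FIELD_SIZE   6
#define MASTER_QE_INDEX  (-10000)
/* Safe upper bound for "%d" of any int: 3 digits per byte, plus sign and NUL. */
#define INT_DECIMAL_BUFSZ (3 * sizeof(int) + 2)

/* Bytes "%d" needs for v, including the terminating NUL (hypothetical helper). */
static size_t decimal_bytes_needed(int v)
{
    int n = snprintf(NULL, 0, "%d", v);  /* C99: counts without writing */
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for the sprintf call (hypothetical helper).
 * Returns 0 if v fit, -1 if it was truncated or formatting failed.
 * C99 snprintf NUL-terminates dst whenever dstsize > 0. */
static int format_segment_id(char *dst, size_t dstsize, int v)
{
    int n = snprintf(dst, dstsize, "%d", v);
    return (n >= 0 && (size_t)n < dstsize) ? 0 : -1;
}

int main(void)
{
    char old_field[OLD_FIELD_SIZE];
    char sized_field[INT_DECIMAL_BUFSZ];

    printf("\"%%d\" of %d needs %zu bytes, old field has %d\n",
           MASTER_QE_INDEX, decimal_bytes_needed(MASTER_QE_INDEX), OLD_FIELD_SIZE);

    if (format_segment_id(old_field, sizeof old_field, MASTER_QE_INDEX) != 0)
        printf("char[%d]: truncated to \"%s\", caller must treat as error\n",
               OLD_FIELD_SIZE, old_field);

    if (format_segment_id(sized_field, sizeof sized_field, INT_MIN) == 0)
        printf("char[%zu]: INT_MIN fits as \"%s\"\n", sizeof sized_field, sized_field);
    return 0;
}
```

A truncated segment id such as "-1000" is a different, valid-looking number, so the return value has to be checked rather than the buffer used as-is.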
