Re: "buffer overflow detected" when running SHOW POOL_STATUS

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Tatsuo Ishii <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Re: "buffer overflow detected" when running SHOW POOL_STATUS
Date: Tue, 02 Dec 2025 14:02:05 +0900 (JST)
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAEy4EGXPw9cU6C6TSCK1FODs0ZK3P3COmsoGU69UFzWeip4b_w@mail.gmail.com>
References: <CAEy4EGWmgs3oQ2k-0rR3gvh3FQFnN9dajEtakBfxDJeyYiDBgA@mail.gmail.com>
	<[email protected]>
	<CAEy4EGXPw9cU6C6TSCK1FODs0ZK3P3COmsoGU69UFzWeip4b_w@mail.gmail.com>

>> Unfortunately, I was not able to reproduce the issue on my Ubuntu 24
>> and Rocky Linux 10.1 box (pgpool is compiled from source code).
>> So there are some questions:
>>
>> - Is the issue occurred even when you execute other pgpool command?
>>   (for example "show pool_processes")
> 
> No. Only getting this issue when running SHOW POOL_STATUS

I found a bug with SHOW POOL_STATUS (and pcp_pool_status). The bug
broke the data segment used for the conversion from binary form of
backend flag (in this case ALWAYS_PRIMARY. Other flag does not raise
the issue) to string representation, which caused the buffer overflow
issue.

Attached is the patch to fix the issue.

Best regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp



Attachments:

  [text/x-patch] fix_backend_flag.patch (816B, 2-fix_backend_flag.patch)
  download | inline diff:
diff --git a/src/config/pool_config.l b/src/config/pool_config.l
index b16130293..defedffbd 100644
--- a/src/config/pool_config.l
+++ b/src/config/pool_config.l
@@ -6,7 +6,7 @@
  * pgpool: a language independent connection pool server for PostgreSQL
  * written by Tatsuo Ishii
  *
- * Copyright (c) 2003-2024	PgPool Global Development Group
+ * Copyright (c) 2003-2025	PgPool Global Development Group
  *
  * Permission to use, copy, modify, and distribute this software and
  * its documentation for any purpose and without fee is hereby
@@ -654,7 +654,7 @@ char *pool_flag_to_str(unsigned short flag)
 		if (*buf == '\0')
 			snprintf(buf, sizeof(buf), "ALWAYS_PRIMARY");
 		else
-			snprintf(buf+strlen(buf), sizeof(buf), "|ALWAYS_PRIMARY");
+			strncat(buf, "|ALWAYS_PRIMARY", sizeof(buf));
 	}
 
 	return buf;

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: "buffer overflow detected" when running SHOW POOL_STATUS
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox