Date: Tue, 02 Dec 2025 14:02:05 +0900 (JST)
Message-Id: <20251202.140205.427777414210613577.ishii@postgresql.org>
To: zam6ak@gmail.com
Cc: pgpool-general@lists.postgresql.org
Subject: Re: "buffer overflow detected" when running SHOW POOL_STATUS
From: Tatsuo Ishii
References: <20251130.102712.131456481338876013.ishii@postgresql.org>
Mime-Version: 1.0
Content-Type: Multipart/Mixed; boundary="--Next_Part(Tue_Dec__2_14_02_05_2025_420)--"

----Next_Part(Tue_Dec__2_14_02_05_2025_420)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

>> Unfortunately, I was not able to reproduce the issue on my Ubuntu 24
>> and Rocky Linux 10.1 box (pgpool is compiled from source code).
>> So there are some questions:
>>
>> - Does the issue occur even when you execute other pgpool commands?
>>   (for example "show pool_processes")
>
> No. Only getting this issue when running SHOW POOL_STATUS

I found a bug with SHOW POOL_STATUS (and pcp_pool_status). The bug
broke the data segment used for the conversion from the binary form of
the backend flag (in this case ALWAYS_PRIMARY; other flags do not raise
the issue) to its string representation, which caused the buffer
overflow issue.

Attached is the patch to fix the issue.

Best regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp

----Next_Part(Tue_Dec__2_14_02_05_2025_420)--
Content-Type: Text/X-Patch; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="fix_backend_flag.patch"

diff --git a/src/config/pool_config.l b/src/config/pool_config.l index b16130293..defedffbd 100644 --- a/src/config/pool_config.l +++ b/src/config/pool_config.l 
@@ -6,7 +6,7 @@ * pgpool: a language independent connection pool server for PostgreSQL * written by Tatsuo Ishii * - * Copyright (c) 2003-2024 PgPool Global Development Group + * Copyright (c) 2003-2025 PgPool Global Development Group * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby @@ -654,7 +654,7 @@ char *pool_flag_to_str(unsigned short flag) if (*buf == '\0') snprintf(buf, sizeof(buf), "ALWAYS_PRIMARY"); else - snprintf(buf+strlen(buf), sizeof(buf), "|ALWAYS_PRIMARY"); + strncat(buf, "|ALWAYS_PRIMARY", sizeof(buf)); } return buf; ----Next_Part(Tue_Dec__2_14_02_05_2025_420)----
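Review bot: In the second hunk (pool_flag_to_str), the new `strncat(buf, "|ALWAYS_PRIMARY", sizeof(buf));` still passes the full buffer size as its limit. The third argument of strncat caps the number of bytes taken from the source string, not the size of the destination, and a terminating NUL is written after them, so this call does not bound the write by the space left after strlen(buf). It is safe only if buf is large enough for every flag combination, which these lines do not show. Suggest passing the remaining space, `sizeof(buf) - strlen(buf) - 1`, or keeping snprintf with both arguments adjusted: `snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "|ALWAYS_PRIMARY");`. The removed line had the same mismatch (offset destination, unreduced size), so a short comment stating the size of buf and the longest possible flag string would help, and any appends in this function that fall outside this hunk are worth checking for the same pattern.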