postgresql-interfaces/psqlodbc GitHub issues and pull requests (mirror)

[postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
4+ messages / 3 participants

* [postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
From: 0xYashwanth (@0xYashwanth) @ 2026-01-04 16:57 UTC
To: postgresql-interfaces/psqlodbc <[email protected]>

**bug causing out-of-bounds memory access in `AddUpdated()` when updating cached row status.**

In the `else if (upd_idx >= 0)` branch at line 2691, the code updates `res->updated_keyset[upd_idx].status` but then incorrectly accesses `res->added_tuples + num_fields * upd_add_idx` to clear cached data.

When a row's status in the `updated_keyset` array is modified, the corresponding cached tuple data must be invalidated. The invariant is: **for any index `i`, the tuple cache entry is stored at `base_array + num_fields * i`**. Since we're modifying `updated_keyset[upd_idx]`, the corresponding tuple cache is at `updated_tuples + num_fields * upd_idx`. Using the wrong base array (`added_tuples`) or wrong index (`upd_add_idx = -1`) violates this and produces undefined behavior.

## Fix

```c
tuple = res->updated_tuples + num_fields * upd_idx;
```
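
The index invariant from the PR description above, as an added example that is not part of the thread or of psqlodbc's source: a simplified C model in which the slot lookup validates the index before any pointer arithmetic, so a keyset entry and its cached tuple always share one array family and one index. The `field_t` and `model_result` types, the `up_count`/`ad_count` fields, the helper names and the sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins (hypothetical, not the driver's own types). */
typedef struct { int len; void *value; } field_t;
typedef struct {
    size_t   num_fields;      /* columns per row */
    size_t   up_count;        /* rows held in updated_tuples (assumed name) */
    size_t   ad_count;        /* rows held in added_tuples (assumed name) */
    field_t *updated_tuples;  /* up_count * num_fields fields */
    field_t *added_tuples;    /* ad_count * num_fields fields */
} model_result;

/* First field of row idx in base, or NULL when idx is outside [0, count).
 * The range check runs before the pointer is formed, so idx == -1 never
 * yields an address in front of the array. */
static field_t *tuple_slot(field_t *base, size_t count, size_t num_fields, long idx)
{
    if (base == NULL || idx < 0 || (size_t)idx >= count)
        return NULL;
    return base + num_fields * (size_t)idx;
}

/* Invalidate the cache row that pairs with updated_keyset[upd_idx].
 * Returns 0 on success, -1 when the index is rejected. */
static int clear_updated_cache(model_result *res, long upd_idx)
{
    field_t *tuple = tuple_slot(res->updated_tuples, res->up_count,
                                res->num_fields, upd_idx);
    if (tuple == NULL)
        return -1;
    memset(tuple, 0, res->num_fields * sizeof(field_t));
    return 0;
}

/* Constructed scenario: 3 updated rows, 1 added row, 2 columns.
 * Returns 1 when only the intended row was cleared. */
static int demo(void)
{
    field_t upd[3 * 2], add[1 * 2];
    model_result res = { 2, 3, 1, upd, add };
    long upd_idx = 1, upd_add_idx = -1;  /* -1 as in the report; 1 is constructed */
    memset(upd, 0xAB, sizeof upd);
    memset(add, 0xAB, sizeof add);
    if (tuple_slot(res.added_tuples, res.ad_count, res.num_fields, upd_add_idx))
        return 0;                        /* wrong base and index must be refused */
    if (clear_updated_cache(&res, upd_idx) != 0)
        return 0;
    return upd[2].len == 0 && upd[3].len == 0 &&
           upd[1].len != 0 && upd[4].len != 0 && add[0].len != 0;
}

int main(void) { return demo() ? 0 : 1; }
```

Because the helper is pure index arithmetic, a check of this kind can be exercised without a database connection; building it with `-fsanitize=address,undefined` would additionally flag any access that slips past the range test.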

* Re: [postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
From: davecramer (@davecramer) @ 2026-01-04 19:11 UTC
To: postgresql-interfaces/psqlodbc <[email protected]>

Is there a way to test this?

* Re: [postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
From: jarvis24young (@jarvis24young) @ 2026-04-28 08:58 UTC
To: postgresql-interfaces/psqlodbc <[email protected]>

@davecramer were there already test cases when you merged this?

* Re: [postgresql-interfaces/psqlodbc] PR #151: bug causing out-of-bounds memory access in AddUpdated when updating cached row status
From: jarvis24young (@jarvis24young) @ 2026-04-29 01:15 UTC
To: postgresql-interfaces/psqlodbc <[email protected]>

@0xYashwanth Without such a reproducer, I agree the code fix is correct, but it is hard to assess the practical exploitability or whether a black-box regression test can be added.