On Thu, Mar 14, 2024 at 10:56:46AM +0100, Daniel Gustafsson wrote:
> + /* don't allow destroys of read-only StringInfos */
> + Assert(str->maxlen != 0);
>
> Considering that StringInfo.c doesn't own the memory here I think it's warranted
> to turn this assert into an elog() to avoid the risk of use-after-free bugs.
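
Review bot: The comment above `Assert(str->maxlen != 0)` in the quoted hunk does not say that `maxlen == 0` is the marker for a read-only StringInfo, so the condition and the comment only connect if the reader already knows that convention; spelling it out in the comment would make the check self-explanatory. Note also that an Assert is only evaluated in assert-enabled builds, so whichever way the Assert-versus-elog() question is settled, the comment should state what happens in a production build when a read-only StringInfo reaches this point.
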
Hmm. I am not sure how much protection this would offer, TBH. One thing that I find annoying with common/stringinfo.c as it is currently is that we have two exit() calls in the enlarge path, and it does not seem wise to me to spread that even more. My last argument sounds like a nit for HEAD knowing that this does not impact libpq that has its own pqexpbuffer.c to avoid issues with palloc, elog and exit, but that could be a problem if OAuth relies more on these code paths in libpq.
--
Michael