I found a buffer overflow bug in contrib/pgbench.
This occurs when -c >= 2.



The type of 'state' is CState*, so we should use state+1 or &state[1],
not state + sizeof(*state).


*** pgbench.c   Mon Jul 31 13:18:45 2006
--- pgbench.fixed.c     Mon Jul 31 13:18:10 2006
*************** main(int argc, char **argv)
*** 1344,1350 ****
                        exit(1);
                }
  
!               memset(state + sizeof(*state), 0, sizeof(*state) * (nclients - 
1));
  
                for (i = 1; i < nclients; i++)
                {
--- 1344,1350 ----
                        exit(1);
                }
  
!               memset(state + 1, 0, sizeof(*state) * (nclients - 1));
  
                for (i = 1; i < nclients; i++)
                {
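Review bot: The corrected memset is right, and the old expression overran by a factor of sizeof(*state): with `state` of type CState*, `state + sizeof(*state)` advances sizeof(CState) elements, i.e. sizeof(CState)*sizeof(CState) bytes, so the old memset started far past the second element and then zeroed (nclients - 1) further elements from there, beyond the end of the array whenever nclients >= 2 (with nclients == 1 the length is zero and nothing is written). One practical point: the old-side line `memset(state + sizeof(*state), 0, sizeof(*state) * (nclients -` / `1));` has been wrapped by the mailer, so this context diff will not apply cleanly with patch(1) as pasted; attach the file or resend with line wrapping off.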

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center
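The following C program is an added illustration, not part of the report above or of pgbench's own code: it measures how far each expression moves the pointer and checks whether the memset stays inside an array of nclients elements. CState here is a hypothetical stand-in struct; the real pgbench struct has different members and size.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for pgbench's CState; only its size matters here. */
typedef struct {
    int  id;
    int  con_state;
    long latency;
    char buf[40];
} CState;

/* Arena large enough that even the buggy expression stays a valid pointer,
 * so the arithmetic below is well defined and can be measured. */
static CState arena[sizeof(CState) + 1];

/* Byte offset from `state` at which the buggy memset starts:
 * state + sizeof(*state) advances sizeof(CState) *elements*. */
size_t buggy_start_offset(const CState *state)
{
    return (size_t)((const char *)(state + sizeof(*state)) - (const char *)state);
}

/* Byte offset at which the fixed memset starts: one element. */
size_t fixed_start_offset(const CState *state)
{
    return (size_t)((const char *)(state + 1) - (const char *)state);
}

/* Returns 1 if zeroing (nclients - 1) elements starting `start_offset` bytes
 * into an array of nclients CState elements stays within that array.
 * A zero-length memset (nclients == 1) writes nothing, matching the report
 * that only -c >= 2 is affected. */
int memset_in_bounds(size_t start_offset, int nclients)
{
    size_t len = sizeof(CState) * (size_t)(nclients - 1);
    size_t alloc_bytes = sizeof(CState) * (size_t)nclients;
    if (len == 0)
        return 1;
    return start_offset + len <= alloc_bytes;
}

int main(void)
{
    printf("sizeof(CState) = %zu bytes\n", sizeof(CState));
    printf("buggy start offset = %zu bytes\n", buggy_start_offset(arena));
    printf("fixed start offset = %zu bytes\n", fixed_start_offset(arena));
    printf("-c 2 in bounds? buggy=%d fixed=%d\n",
           memset_in_bounds(buggy_start_offset(arena), 2),
           memset_in_bounds(fixed_start_offset(arena), 2));
    return 0;
}
```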
