orbisai0security opened a new pull request, #1744:
URL: https://github.com/apache/cloudberry/pull/1744
## Summary
Fix critical severity security issue in
`contrib/pg_stat_statements/pg_stat_statements.c`.
## Vulnerability
| Field | Value |
|-------|-------|
| **ID** | V-004 |
| **Severity** | CRITICAL |
| **Scanner** | multi_agent_ai |
| **Rule** | `V-004` |
| **File** | `contrib/pg_stat_statements/pg_stat_statements.c:2680` |
| **CWE** | CWE-120 |
**Description**: The query normalization code in pg_stat_statements.c uses
sprintf() at line 2684 to write parameter placeholders ('$N') into a
pre-allocated buffer norm_query without bounds checking. Combined with memcpy
calls at lines 2680 and 2699, if the cumulative writes exceed the allocated
buffer size (e.g., due to a query with thousands of bind parameters where later
placeholders like '$10000' are longer than earlier ones like '$1'), a heap
buffer overflow occurs. Any authenticated database user with pg_stat_statements
loaded can trigger this condition.
## Changes
- `contrib/pg_stat_statements/pg_stat_statements.c`
## Verification
- [x] Build passes
- [x] Scanner re-scan confirms fix
- [x] LLM code review passed
---
*Automated security fix by [OrbisAI Security](https://orbisappsec.com)*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]