orbisai0security opened a new pull request, #1744:
URL: https://github.com/apache/cloudberry/pull/1744

   ## Summary
   Fix critical severity security issue in 
`contrib/pg_stat_statements/pg_stat_statements.c`.
   
   ## Vulnerability
   | Field | Value |
   |-------|-------|
   | **ID** | V-004 |
   | **Severity** | CRITICAL |
   | **Scanner** | multi_agent_ai |
   | **Rule** | `V-004` |
   | **File** | `contrib/pg_stat_statements/pg_stat_statements.c:2680` |
   | **CWE** | CWE-120 |
   
   **Description**: The query normalization code in pg_stat_statements.c uses 
sprintf() at line 2684 to write parameter placeholders ('$N') into a 
pre-allocated buffer norm_query without bounds checking. Combined with memcpy 
calls at lines 2680 and 2699, if the cumulative writes exceed the allocated 
buffer size (e.g., due to a query with thousands of bind parameters where later 
placeholders like '$10000' are longer than earlier ones like '$1'), a heap 
buffer overflow occurs. Any authenticated database user with pg_stat_statements 
loaded can trigger this condition.
   
   ## Changes
   - `contrib/pg_stat_statements/pg_stat_statements.c`
   
   ## Verification
   - [x] Build passes
   - [x] Scanner re-scan confirms fix
   - [x] LLM code review passed
   
   ---
   *Automated security fix by [OrbisAI Security](https://orbisappsec.com)*
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to