On 09/07/2026 15:55, Heikki Linnakangas wrote:
On 08/07/2026 22:16, Peter Eisentraut wrote:
In pqDrainPending(), there is

     nread = pqsecure_read(conn, conn->inBuffer + conn->inEnd,
                           bytes_pending);
     conn->inEnd += nread;

But pqsecure_read() can return -1 for error.  So adding that to conn-  >inEnd at that point seems wrong.

There is error handling in the following code, but this would still kind of corrupt the conn->inEnd value?

     /* When there are bytes pending, the read function is not supposed to fail */
     if (nread != bytes_pending)
     {
         libpq_append_conn_error(conn,
                                 "drained only %zu of %zd pending bytes in transport buffer",
                                 nread, bytes_pending);
         return -1;
     }

I'm not sure if that comment means that a -1 return cannot happen?  Or just that the whole error check should not happen?

The comment in pgsecure_bytes_pending() says:

 * If pqsecure_read() is called for this number of bytes, it's guaranteed to
 * return successfully without reading from the underlying socket.  See
 * pqDrainPending() for a more complete discussion of the concepts involved.

so as long as pqsecure_read() and pqsecure_read_pending() honor that contract, pqsecure_read() should not return an error. I agree that's a bit sloppy though, we should still check the return value.

The intention was also that it cannot do a short read, but that wasn't quite clear from the comment either.

Also note that the format placeholder for nread is wrong.  If you do get a -1, it will print some large unsigned value.

Good catch.

Patch attached to clean up all that.

Committed that, and Daniel's #include fix for LibreSSL too.

- Heikki


Reply via email to