On Mon, Jul 15, 2013 at 5:59 PM, Alvaro Herrera <alvhe...@2ndquadrant.com> wrote: > Xi Wang escribió: >> Intel's icc and PathScale's pathcc compilers optimize away several >> overflow checks, since they consider signed integer overflow as >> undefined behavior. This leads to a vulnerable binary. > > This thread died without reaching a conclusion. Noah Misch, Robert Haas > and Greg Stark each gave a +1 to the patches, but Tom Lane gave them a > -inf; so they weren't applied. However, I think everyone walked away > with the feeling that Tom is wrong on this. > > Meanwhile Xi Wang and team published a paper: > http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf > > Postgres is mentioned a number of times in this paper -- mainly to talk > about the bugs we leave unfixed. > > It might prove useful to have usable these guys' STACK checker output > available continuously, so that if we happen to introduce more bugs in > the future, it alerts us about that.
Yeah, I think we ought to apply those patches. I don't suppose you have links handy? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
