Hi hackers!
SerializeLibraryState() writes 1 byte too much into the buffer pointed
to by start_address. This is the very last '\0' it writes after the
loop. Attached is a patch that fixes the problem by accounting for that
extra byte in EstimateLibraryStateSpace().
--
David Geier
(ServiceNow)
From d0ddfe09e4264f449ac75cd95d6312b44240cfbb Mon Sep 17 00:00:00 2001
From: David Geier <geidav...@gmail.com>
Date: Tue, 10 Jun 2025 14:54:25 +0200
Subject: [PATCH] Fix buffer overflow in SerializeLibraryState()
---
src/backend/utils/fmgr/dfmgr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/backend/utils/fmgr/dfmgr.c b/src/backend/utils/fmgr/dfmgr.c
index 4bb84ff7087..e3901a63b41 100644
--- a/src/backend/utils/fmgr/dfmgr.c
+++ b/src/backend/utils/fmgr/dfmgr.c
@@ -702,7 +702,7 @@ EstimateLibraryStateSpace(void)
file_scanner = file_scanner->next)
size = add_size(size, strlen(file_scanner->filename) + 1);
- return size;
+ return size + 1; /* Additional byte for final \0 byte */
}
/*
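Review bot: `return size + 1;` drops the overflow-checked arithmetic used one line earlier; for consistency with `size = add_size(size, strlen(file_scanner->filename) + 1);` prefer `return add_size(size, 1);`. The trailing comment also reads awkwardly ("final \0 byte" repeats "byte"); a comment on its own line such as `/* reserve the trailing '\0' written after the loop */` would match the surrounding style. Finally, the initialization of `size` is outside this hunk: if it already starts at 1 rather than 0 to cover the terminator, this change overallocates by one instead of fixing a shortfall, so that line should be checked before committing.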
--
2.34.1
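To make the arithmetic in the report concrete, here is an added C model of the estimate/serialize pair. It is not PostgreSQL's dfmgr.c: the list layout, the function names, the serialization format ("name\0name\0...\0") and the sample library names are constructed for illustration. The point it shows is the general check a reviewer wants for any estimate-then-write pair, namely that the serializer's required byte count never exceeds the estimate, including for an empty list where the only byte written is the terminator.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the list of loaded library filenames. */
struct file_entry {
    const char *filename;
    struct file_entry *next;
};

/* Estimate that counts only "name\0" per entry and forgets the
 * terminating '\0' written after the loop (the reported behaviour). */
static size_t estimate_space_buggy(const struct file_entry *list)
{
    size_t size = 0;
    for (const struct file_entry *e = list; e != NULL; e = e->next)
        size += strlen(e->filename) + 1;
    return size;
}

/* Estimate that also reserves the final '\0' (the behaviour after the fix). */
static size_t estimate_space_fixed(const struct file_entry *list)
{
    return estimate_space_buggy(list) + 1;
}

/* Serialize as "name1\0name2\0...\0" with an extra '\0' marking the end.
 * Never writes past maxsize (buf may be NULL when maxsize is 0), but
 * returns the number of bytes it *needed*, so callers can detect that
 * an estimate was too small instead of silently overflowing. */
static size_t serialize(const struct file_entry *list, char *buf, size_t maxsize)
{
    size_t needed = 0;
    for (const struct file_entry *e = list; e != NULL; e = e->next) {
        size_t len = strlen(e->filename) + 1;   /* include the entry's '\0' */
        if (needed + len <= maxsize)
            memcpy(buf + needed, e->filename, len);
        needed += len;
    }
    if (needed < maxsize)
        buf[needed] = '\0';                     /* the end-of-list terminator */
    return needed + 1;
}

/* Returns 1 if the given estimator reserves enough space for serialize(). */
static int check_estimate(const struct file_entry *list,
                          size_t (*estimate)(const struct file_entry *))
{
    return serialize(list, NULL, 0) <= estimate(list);
}

/* Constructed sample: two library names, 10 and 21 characters long. */
static struct file_entry sample_b = { "pg_stat_statements.so", NULL };
static struct file_entry sample_a = { "plpgsql.so", &sample_b };
static const struct file_entry *const SAMPLE_LIST = &sample_a;

int main(void)
{
    const struct file_entry *lists[] = { SAMPLE_LIST, NULL };
    for (size_t i = 0; i < 2; i++) {
        printf("needed=%zu buggy=%zu (%s) fixed=%zu (%s)\n",
               serialize(lists[i], NULL, 0),
               estimate_space_buggy(lists[i]),
               check_estimate(lists[i], estimate_space_buggy) ? "ok" : "short",
               estimate_space_fixed(lists[i]),
               check_estimate(lists[i], estimate_space_fixed) ? "ok" : "short");
    }
    return 0;
}
```

The serializer here returns the required size rather than trusting the caller's buffer, so the mismatch is visible as a failed `check_estimate()` instead of a one-byte write past the end. In the real code the corresponding guard is an assertion on the remaining space, which only fires in assert-enabled builds; the estimate and the writer must agree by construction.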