diff options
| author | Tom Lane | 2015-01-30 18:05:09 +0000 |
|---|---|---|
| committer | Tom Lane | 2015-01-30 18:05:09 +0000 |
| commit | 7c41a32b3ffcabfa0082e21e51ebefe9badb1d27 (patch) | |
| tree | 7a4a8526518f5bb1351586fa146abe330d906e35 /src/timezone | |
| parent | da8954b76b8eb288cca8b2707a65b1d4efa0b700 (diff) | |
Fix Coverity warning about contrib/pgcrypto's mdc_finish().
Coverity points out that mdc_finish returns a pointer to a local buffer
(which of course is gone as soon as the function returns), leaving open
a risk of misbehaviors possibly as bad as a stack overwrite.
In reality, the only possible call site is in process_data_packets()
which does not examine the returned pointer at all. So there's no
live bug, but nonetheless the code is confusing and risky. Refactor
to avoid the issue by letting process_data_packets() call mdc_finish()
directly instead of going through the pullf_read() API.
Although this is only cosmetic, it seems good to back-patch so that
the logic in pgp-decrypt.c stays in sync across all branches.
Marko Kreen
Diffstat (limited to 'src/timezone')
0 files changed, 0 insertions, 0 deletions