upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-18 01:59:53 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Tom Lane 2c63dc0356 Improve pglz_decompress's defenses against corrupt compressed data. 
When processing a match tag, check to see if the claimed "off"
is more than the distance back to the output buffer start.
If it is, then the data is corrupt, and what's more we would
fetch from outside the buffer boundaries and potentially incur
a SIGSEGV.  (Although the odds of that seem relatively low, given
that "off" can't be more than 4K.)

Back-patch to v13; before that, this function wasn't really
trying to protect against bad data.

Report and fix by Flavien Guedez.

Discussion: https://postgr.es/m/01fc0593-e31e-463d-902c-dd43174acee2@oopacity.net
2023-10-18 20:43:17 -04:00
..
backend jit: Changes for LLVM 17. 2023-10-19 05:16:00 +13:00
bin Don't spuriously report FD_SETSIZE exhaustion on Windows. 2023-10-14 15:54:49 -07:00
common Improve pglz_decompress's defenses against corrupt compressed data. 2023-10-18 20:43:17 -04:00
fe_utils Don't spuriously report FD_SETSIZE exhaustion on Windows. 2023-10-14 15:54:49 -07:00
include jit: Supply LLVMGlobalGetValueType() for LLVM < 8. 2023-10-19 03:03:46 +13:00
interfaces Translation updates 2023-05-08 14:33:02 +02:00
makefiles Add NO_INSTALL option to pgxs 2021-05-27 13:58:29 +02:00
pl Remove environment sensitivity in pl/tcl regression test. 2023-09-29 20:20:57 -04:00
port Fix detection of unseekable files for fseek() and ftello() with MSVC 2023-04-12 09:09:58 +09:00
template On NetBSD, force dynamic symbol resolution at postmaster start. 2022-08-30 17:29:03 -04:00
test Back-patch test cases for timetz_zone/timetz_izone. 2023-10-17 13:55:45 -04:00
timezone Update time zone data files to tzdata release 2023c. 2023-04-18 14:46:39 -04:00
tools Fix exception safety bug in typcache.c. 2023-09-13 14:46:16 +12:00
tutorial Doc: sync src/tutorial/basics.source with SGML documentation. 2022-11-19 13:09:14 -05:00
.gitignore
DEVELOPERS
Makefile Remove the option to build thread_test.c outside configure. 2020-10-21 12:08:48 -04:00
Makefile.global.in Suppress macOS warnings about duplicate libraries in link commands. 2023-09-29 14:07:30 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
nls-global.mk Add errhint_plural() function and make use of it 2021-03-31 09:16:25 +02:00