upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-18 18:25:17 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Nathan Bossart a57d168653 Detect integer overflow in array_set_slice(). 
When provided an empty initial array, array_set_slice() fails to
check for overflow when computing the new array's dimensions.
While such overflows are ordinarily caught by ArrayGetNItems(),
commands with the following form are accepted:

	INSERT INTO t (i[-2147483648:2147483647]) VALUES ('{}');

To fix, perform the hazardous computations using overflow-detecting
arithmetic routines.  As with commit 18b585155a, the added test
cases generate errors that include a platform-dependent value, so
we again use psql's VERBOSITY parameter to suppress printing the
message text.

Reported-by: Alexander Lakhin
Author: Joseph Koshakow
Reviewed-by: Jian He
Discussion: https://postgr.es/m/31ad2cd1-db94-bdb3-f91a-65ffdb4bef95%40gmail.com
Backpatch-through: 12
2024-07-23 21:59:02 -05:00
..
backend Detect integer overflow in array_set_slice(). 2024-07-23 21:59:02 -05:00
bin Make sure to run pg_isready on correct port 2024-07-13 08:08:18 -04:00
common Fix overread in JSON parsing errors for incomplete byte sequences 2024-05-09 12:45:43 +09:00
fe_utils Fix PL/pgSQL's handling of integer ranges containing underscores. 2024-06-04 11:51:25 +01:00
include Ensure vacuum removes all visibly dead tuples older than OldestXmin 2024-07-19 12:11:41 -04:00
interfaces Fix PL/pgSQL's handling of integer ranges containing underscores. 2024-06-04 11:51:25 +01:00
makefiles Use --strip-unneeded when stripping static libraries with GNU strip. 2023-04-20 18:12:32 -04:00
pl Doc: improve description of plpgsql's FETCH and MOVE commands. 2024-07-22 19:43:33 -04:00
port Fix gai_strerror() thread-safety on Windows. 2024-02-12 11:14:42 +13:00
template Use unnamed POSIX semaphores on Cygwin. 2023-01-06 10:33:28 +13:00
test Detect integer overflow in array_set_slice(). 2024-07-23 21:59:02 -05:00
timezone Update time zone data files to tzdata release 2024a. 2024-02-01 15:57:53 -05:00
tools Cope with <regex.h> name clashes. 2024-07-06 11:18:29 +12:00
tutorial Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
.gitignore
DEVELOPERS
Makefile Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
Makefile.global.in Suppress macOS warnings about duplicate libraries in link commands. 2023-09-29 14:07:30 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
meson.build Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
nls-global.mk Fix for make unportability 2022-07-13 09:15:01 +02:00