Skip site navigation (1) Skip section navigation (2)

pgsql: array_in() and array_recv() need to be more paranoid about

From: tgl(at)svr1(dot)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: array_in() and array_recv() need to be more paranoid about
Date: 2005-08-15 19:40:20
Message-ID: 20050815194020.020C952A2F@svr1.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
array_in() and array_recv() need to be more paranoid about validating
their OID parameter.  It was possible to crash the backend with
select array_in('{123}',0,0); because that would bypass the needed step
of initializing the workspace.  These seem to be the only two places
with a problem, though (record_in and record_recv don't have the issue,
and the other array functions aren't depending on user-supplied input).
Back-patch as far as 7.4; 7.3 does not have the bug.

Modified Files:
--------------
    pgsql/src/backend/utils/adt:
        arrayfuncs.c (r1.121 -> r1.122)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/arrayfuncs.c.diff?r1=1.121&r2=1.122)

pgsql-committers by date

Next:From: Tom LaneDate: 2005-08-15 19:40:43
Subject: pgsql: array_in() and array_recv() need to be more paranoid about
Previous:From: Tom LaneDate: 2005-08-15 19:05:59
Subject: pgsql: int_array_enum function should be using fcinfo->flinfo->fn_extra

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group