Skip site navigation (1) Skip section navigation (2)

pgsql: array_in() and array_recv() need to be more paranoid about

From: tgl(at)svr1(dot)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: array_in() and array_recv() need to be more paranoid about
Date: 2005-08-15 19:40:43
Message-ID: 20050815194043.DE9CA52E82@svr1.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
array_in() and array_recv() need to be more paranoid about validating
their OID parameter.  It was possible to crash the backend with
select array_in('{123}',0,0); because that would bypass the needed step
of initializing the workspace.  These seem to be the only two places
with a problem, though (record_in and record_recv don't have the issue,
and the other array functions aren't depending on user-supplied input).
Back-patch as far as 7.4; 7.3 does not have the bug.

Tags:
----
REL8_0_STABLE

Modified Files:
--------------
    pgsql/src/backend/utils/adt:
        arrayfuncs.c (r1.115.4.1 -> r1.115.4.2)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/arrayfuncs.c.diff?r1=1.115.4.1&r2=1.115.4.2)

pgsql-committers by date

Next:From: Tom LaneDate: 2005-08-15 19:41:07
Subject: pgsql: array_in() and array_recv() need to be more paranoid about
Previous:From: Tom LaneDate: 2005-08-15 19:40:20
Subject: pgsql: array_in() and array_recv() need to be more paranoid about

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group