Quick Links

Re: [PATCH] intarray: prevent crash in _int_matchsel on invalid query_int input

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Eugeny Goryachev <gorcom2012(at)gmail(dot)com>
Cc:	pgsql-hackers(at)postgresql(dot)org
Subject:	Re: [PATCH] intarray: prevent crash in _int_matchsel on invalid query_int input
Date:	2026-03-04 14:51:32
Message-ID:	1404727.1772635892@sss.pgh.pa.us
Views:	Whole Thread \| Raw Message \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Eugeny Goryachev <gorcom2012(at)gmail(dot)com> writes:
> The selectivity function _int_matchsel() in contrib/intarray
> assumes that the right-hand argument is a valid query_int datum.
> If a malformed or binary-incompatible value is passed (for example,
> via an implicit cast from a user-defined type created WITHOUT FUNCTION),
> the function may dereference an invalid pointer and crash.

Didn't we fix that in CVE-2026-2004?

regards, tom lane

In response to

[PATCH] intarray: prevent crash in _int_matchsel on invalid query_int input at 2026-03-04 13:02:51 from Eugeny Goryachev

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Nazir Bilal Yavuz	2026-03-04 15:15:53	Re: Speed up COPY FROM text/CSV parsing using SIMD
Previous Message	Dave Cramer	2026-03-04 14:26:05	Re: Proposal to allow setting cursor options on Portals