Skip site navigation (1) Skip section navigation (2)

pgsql: Adjust datetime parsing to be more robust.

From: neilc(at)svr1(dot)postgresql(dot)org (Neil Conway)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Adjust datetime parsing to be more robust.
Date: 2005-05-26 02:04:15
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-committers
Log Message:
Adjust datetime parsing to be more robust. We now pass the length of the
working buffer into ParseDateTime() and reject too-long input there,
rather than checking the length of the input string before calling
ParseDateTime(). The old method was bogus because ParseDateTime() can use
a variable amount of working space, depending on the content of the
input string (e.g. how many fields need to be NUL terminated). This fixes
a minor stack overrun -- I don't _think_ it's exploitable, although I
won't claim to be an expert.

Along the way, fix a bug reported by Mark Dilger: the working buffer
allocated by interval_in() was too short, which resulted in rejecting
some perfectly valid interval input values. I added a regression test for
this fix.

Modified Files:
        date.c (r1.108 -> r1.109)
        datetime.c (r1.144 -> r1.145)
        nabstime.c (r1.131 -> r1.132)
        timestamp.c (r1.123 -> r1.124)
        datetime.h (r1.53 -> r1.54)
        interval.out (r1.10 -> r1.11)
        interval.sql (r1.6 -> r1.7)

pgsql-committers by date

Next:From: Neil ConwayDate: 2005-05-26 02:10:03
Subject: pgsql: Adjust datetime parsing to be more robust.
Previous:From: Tom LaneDate: 2005-05-26 01:24:30
Subject: pgsql: Tweak the backend scanner (and psqlscan.l, which must track the

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group