| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix assorted integer-overflow hazards in varbit.c. |
| Date: | 2016-10-14 20:28:52 |
| Message-ID: | E1bv964-0007XH-HI@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix assorted integer-overflow hazards in varbit.c.
bitshiftright() and bitshiftleft() would recursively call each other
infinitely if the user passed INT_MIN for the shift amount, due to integer
overflow in negating the shift amount. To fix, clamp to -VARBITMAXLEN.
That doesn't change the results since any shift distance larger than the
input bit string's length produces an all-zeroes result.
Also fix some places that seemed inadequately paranoid about input typmods
exceeding VARBITMAXLEN. While a typmod accepted by anybit_typmodin() will
certainly be much less than that, at least some of these spots are
reachable with user-chosen integer values.
Andreas Seltenreich and Tom Lane
Discussion: <87d1j2zqtz(dot)fsf(at)credativ(dot)de>
Branch
------
REL9_6_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/4338ac8e78e95dcc327e86fc9944bdae8c551c27
Modified Files
--------------
src/backend/utils/adt/varbit.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tatsuo Ishii | 2016-10-14 21:49:44 | pgsql: Remove spurious word. |
| Previous Message | Robert Haas | 2016-10-14 18:07:02 | Re: Re: [COMMITTERS] pgsql: Extend framework from commit 53be0b1ad to report latch waits. |