| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Protect against overflow of ltree.numlevel and lquery.numlevel. |
| Date: | 2020-03-28 21:10:11 |
| Message-ID: | E1jIIiZ-0003Hr-BZ@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Protect against overflow of ltree.numlevel and lquery.numlevel.
These uint16 fields could be overflowed by excessively long input,
producing strange results. Complain for invalid input.
Likewise check for out-of-range values of the repeat counts in lquery.
(We don't try too hard on that one, notably not bothering to detect
if atoi's result has overflowed.)
Also detect length overflow in ltree_concat.
In passing, be more consistent about whether "syntax error" messages
include the type name. Also, clarify the documentation about what
the size limit is.
This has been broken for a long time, so back-patch to all supported
branches.
Nikita Glukhov, reviewed by Benjie Gillam and Tomas Vondra
Discussion: https://postgr.es/m/CAP_rww=waX2Oo6q+MbMSiZ9ktdj6eaJj0cQzNu=Ry2cCDij5fw@mail.gmail.com
Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/2bb6bdbe5da77eab44abf6512779a4aa04419700
Modified Files
--------------
contrib/ltree/expected/ltree.out | 46 ++++++++++++++++++++++++++++++++++
contrib/ltree/ltree.h | 2 ++
contrib/ltree/ltree_io.c | 54 ++++++++++++++++++++++++++--------------
contrib/ltree/ltree_op.c | 9 ++++++-
contrib/ltree/sql/ltree.sql | 11 ++++++++
doc/src/sgml/ltree.sgml | 3 +--
6 files changed, 104 insertions(+), 21 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2020-03-28 22:25:12 | Re: pgsql: Add kqueue(2) support to the WaitEventSet API. |
| Previous Message | Andres Freund | 2020-03-28 19:30:04 | pgsql: Ensure snapshot is registered within ScanPgRelation(). |