| From: | Nathan Bossart <nathan(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Detect integer overflow in array_set_slice(). |
| Date: | 2024-07-24 03:02:33 |
| Message-ID: | E1sWSGv-000vk0-7V@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Detect integer overflow in array_set_slice().
When provided an empty initial array, array_set_slice() fails to
check for overflow when computing the new array's dimensions.
While such overflows are ordinarily caught by ArrayGetNItems(),
commands with the following form are accepted:
INSERT INTO t (i[-2147483648:2147483647]) VALUES ('{}');
To fix, perform the hazardous computations using overflow-detecting
arithmetic routines. As with commit 18b585155a, the added test
cases generate errors that include a platform-dependent value, so
we again use psql's VERBOSITY parameter to suppress printing the
message text.
Reported-by: Alexander Lakhin
Author: Joseph Koshakow
Reviewed-by: Jian He
Discussion: https://postgr.es/m/31ad2cd1-db94-bdb3-f91a-65ffdb4bef95%40gmail.com
Backpatch-through: 12
Branch
------
REL_14_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/670fb9f187cd75b6928cc044897a1f468439e19d
Modified Files
--------------
src/backend/utils/adt/arrayfuncs.c | 9 ++++++++-
src/test/regress/expected/arrays.out | 4 ++++
src/test/regress/sql/arrays.sql | 2 ++
3 files changed, 14 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2024-07-24 04:36:16 | pgsql: Move all extern declarations for GUC variables to header files |
| Previous Message | Peter Eisentraut | 2024-07-23 13:15:02 | pgsql: Move extern declarations for EXEC_BACKEND to header files |