| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Peter Geoghegan <pg(at)heroku(dot)com> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Further issues with jsonb semantics, documentation |
| Date: | 2015-06-12 23:31:09 |
| Message-ID: | 557B6BBD.1050106@dunslane.net |
| Lists: | pgsql-hackers |

On 06/12/2015 06:16 PM, Peter Geoghegan wrote:
> On Thu, Jun 4, 2015 at 5:43 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
>> BTW, there is a bug here -- strtol() needs additional defenses [1]
>> (before casting to int):
>>
>> postgres=# select jsonb_set('[1, 2, 3, 4,
>> 5,6,7,8,9,10,11,12,13,14,15,16,17,18]',
>> '{"9223372036854775806"}'::text[], '"Input unsanitized"', false) ;
>> jsonb_set
>> ----------------------------------------------------------------------------------
>> [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, "Input
>> unsanitized", 18]
>> (1 row)
>>
>> [1] https://www.securecoding.cert.org/confluence/display/cplusplus/INT06-CPP.+Use+strtol()+or+a+related+function+to+convert+a+string+token+to+an+integer
> I attach a fix for this bug. The commit message explains everything.

OK, pushed, although you'd have to be trying really hard to break this.
Still, it's reasonable to defend against.

cheers

andrew