| From: | Peter Geoghegan <pg(at)heroku(dot)com> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Further issues with jsonb semantics, documentation |
| Date: | 2015-06-12 22:16:48 |
| Message-ID: | CAM3SWZT=jU7-EBTAr_ZkipL=KWG_YF9HCtiMPvow7zmRL0aLdw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jun 4, 2015 at 5:43 PM, Peter Geoghegan <pg(at)heroku(dot)com> wrote:
>
> BTW, there is a bug here -- strtol() needs additional defenses [1]
> (before casting to int):
>
> postgres=# select jsonb_set('[1, 2, 3, 4,
> 5,6,7,8,9,10,11,12,13,14,15,16,17,18]',
> '{"9223372036854775806"}'::text[], '"Input unsanitized"', false) ;
> jsonb_set
> ----------------------------------------------------------------------------------
> [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, "Input
> unsanitized", 18]
> (1 row)
>
> [1] https://www.securecoding.cert.org/confluence/display/cplusplus/INT06-CPP.+Use+strtol()+or+a+related+function+to+convert+a+string+token+to+an+integer
I attach a fix for this bug. The commit message explains everything.
--
Peter Geoghegan
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Fix-path-infrastructure-bug-affecting-jsonb_set.patch | text/x-patch | 1.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sehrope Sarkuni | 2015-06-12 22:36:05 | Re: Entities created in one query not available in another in extended protocol |
| Previous Message | Michael Nolan | 2015-06-12 22:07:01 | Re: On columnar storage |