| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Avoid potential buffer overflow crash |
| Date: | 2013-11-23 14:45:11 |
| Message-ID: | E1VkESN-0000fH-PS@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Avoid potential buffer overflow crash
A pointer to a C string was treated as a pointer to a "name" datum and
passed to SPI_execute_plan(). This pointer would then end up being
passed through datumCopy(), which would try to copy the entire 64 bytes
of name data, thus running past the end of the C string. Fix by
converting the string to a proper name structure.
Found by LLVM AddressSanitizer.
Branch
------
REL9_0_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/44032290dd23ccc0c227ee2af4f9e8c0e58077e8
Modified Files
--------------
src/backend/utils/adt/ruleutils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2013-11-23 23:25:36 | pgsql: Ensure _dosmaperr() actually sets errno correctly. |
| Previous Message | Tom Lane | 2013-11-22 19:38:11 | pgsql: Flatten join alias Vars before pulling up targetlist items from |