From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Avoid integer overflow and buffer overrun in hstore_to_json(). |
Date: | 2014-11-04 21:55:22 |
Message-ID: | E1Xlm4Q-0007lk-4o@gemulon.postgresql.org |
Lists: | pgsql-committers |

Avoid integer overflow and buffer overrun in hstore_to_json().

This back-patches commit 0c5783ff301ae3e470000c918bfc2395129de4c5 into the
9.3 branch. At the time, Heikki just thought he was fixing an unlikely
integer-overflow scenario, but in point of fact the original coding was
hopelessly broken: it supposed that escape_json never enlarges the data
more than 2X, which is wrong on its face. The revised code eliminates
making any a-priori assumptions about the output length.

Per report from Saul Costa. The bogus code doesn't exist before 9.3,
so no other branches need fixing.

Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/f44290b7b3763f339ed66f883c0e85bb3c3c4e88
Modified Files
--------------
contrib/hstore/hstore_io.c | 150 ++++++++++++--------------------------------
1 file changed, 41 insertions(+), 109 deletions(-)
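
The sizing flaw the commit message describes, as an added C example that is not PostgreSQL's code: JSON escaping turns each control byte into a six-byte `\u00XX` sequence, so an "at most 2X" output estimate is too small, while a buffer that grows on append needs no estimate. `GrowBuf`, `gb_append`, `json_escape`, `escaped_len` and `two_x_guess` are hypothetical names, and the 2X rule is modelled only from the message's wording.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char *data; size_t len, cap; } GrowBuf;  /* hypothetical growable buffer */

static void gb_append(GrowBuf *b, const char *s, size_t n)
{
    if (n >= SIZE_MAX / 2 - b->len) abort();      /* refuse size_t wraparound */
    if (b->len + n > b->cap) {                    /* grow on demand, no up-front guess */
        b->cap = 2 * (b->len + n);
        if (!(b->data = realloc(b->data, b->cap))) abort();
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
}

/* Quote and escape s as a JSON string; a control byte becomes the 6-byte \u00XX form. */
static void json_escape(GrowBuf *out, const char *s)
{
    char e[8];
    gb_append(out, "\"", 1);
    for (; *s; s++) {
        unsigned char c = (unsigned char) *s;
        if (c == '"' || c == '\\')
            gb_append(out, e, (size_t) snprintf(e, sizeof e, "\\%c", c));
        else if (c < 0x20)
            gb_append(out, e, (size_t) snprintf(e, sizeof e, "\\u%04x", (unsigned) c));
        else
            gb_append(out, s, 1);
    }
    gb_append(out, "\"", 1);
}

size_t escaped_len(const char *s)   /* bytes actually produced, quotes included */
{
    GrowBuf b = {0};
    json_escape(&b, s);
    free(b.data);
    return b.len;
}

size_t two_x_guess(const char *s) { return 2 * strlen(s) + 2; }  /* modelled 2X rule, plus quotes */

int main(void)
{
    const char *s = "\x01\x02\x03";               /* constructed input: three control bytes */
    return printf("guess=%zu actual=%zu\n", two_x_guess(s), escaped_len(s)) < 0;
}
```

For the three-byte constructed input the 2X rule allows 8 bytes while the escaped string needs 20, which is the overrun condition when the output buffer is sized from the estimate.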