| From: | Tomas Vondra <tomas(dot)vondra(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Ensure maxlen is at leat 1 in dict_int |
| Date: | 2019-12-03 17:42:38 |
| Message-ID: | E1icCC6-0006NN-2z@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Ensure maxlen is at leat 1 in dict_int
The dict_int text search dictionary template accepts maxlen parameter,
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does
txt[d->maxlen] = '\0';
to insert a terminator, leading to segfaults with negative values.
This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.
Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4
Branch
------
REL9_6_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/fabdad822287d6aac6a80fc57a97d38bd7456958
Modified Files
--------------
contrib/dict_int/dict_int.c | 5 +++++
contrib/dict_int/expected/dict_int.out | 2 ++
contrib/dict_int/sql/dict_int.sql | 2 ++
3 files changed, 9 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2019-12-03 17:43:04 | pgsql: Ensure maxlen is at leat 1 in dict_int |
| Previous Message | Tomas Vondra | 2019-12-03 17:42:06 | pgsql: Ensure maxlen is at leat 1 in dict_int |