| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: pg_freespacemap: Fix declaration of pg_freespace(regclass) |
| Date: | 2025-01-08 04:18:00 |
| Message-ID: | E1tVNW3-000RZY-VT@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
pg_freespacemap: Fix declaration of pg_freespace(regclass)
This function called generate_series() without enforcing its input
argument types, making possible for an attacker to catch this call, by
defining for example a generate_series(int,bigint).
The internals of pg_freespace(regclass) are changed to force the use of
bigint for the inputs of generate_series(). A more consistent style is
applied for all its hardcoded values, while on it.
Issue introduced in 3f323eba89fb.
Reported-by: Noah Misch
Reviewed-by: Noah Misch
Discussion: https://postgr.es/m/20250106190428.ec.nmisch@google.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e0c3d5122e6a4114af3092b7938c9b43d619e62c
Modified Files
--------------
contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2025-01-08 07:37:02 | pgsql: Remove useless function declaration |
| Previous Message | Thomas Munro | 2025-01-08 04:14:35 | pgsql: Fix C error reported by Oracle compiler. |