From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | Re: pgsql: ecpg: Fix out-of-bound read in DecodeDateTime() |
Date: | 2024-10-31 14:44:36 |
Message-ID: | ZyOX1OhWgrTHS4G-@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Great, thanks for applying this. I was traveling so am only now back to
looking at this.
---------------------------------------------------------------------------
On Tue, Oct 22, 2024 at 11:35:51PM +0000, Michael Paquier wrote:
> ecpg: Fix out-of-bound read in DecodeDateTime()
>
> It was possible for the code to read out-of-bound data from the
> "day_tab" table with some crafted input data. Let's treat these as
> invalid input as the month number is incorrect.
>
> A test is added to test this case with a check on the errno returned by
> the decoding routine. A test close to the new one added in this commit
> was testing for a failure, but did not look at the errno generated, so
> let's use this commit to also change it, adding a check on the errno
> returned by DecodeDateTime().
>
> Like the other test scripts, dt_test should likely be expanded to
> include more checks based on the errnos generated in these code paths.
> This is left as future work.
>
> This issue exists since 2e6f97560a83, so backpatch all the way down.
>
> Reported-by: Pavel Nekrasov
> Author: Bruce Momjian, Pavel Nekrasov
> Discussion: https://postgr.es/m/18614-6bbe00117352309e@postgresql.org
> Backpatch-through: 12
>
> Branch
> ------
> master
>
> Details
> -------
> https://git.postgresql.org/pg/commitdiff/a0bff38d133ac95fb56bbd868a128bba95ec46c9
>
> Modified Files
> --------------
> src/interfaces/ecpg/pgtypeslib/dt_common.c | 6 +-
> .../ecpg/test/expected/pgtypeslib-dt_test.c | 76 +++++++++++++++-------
> .../ecpg/test/expected/pgtypeslib-dt_test.stderr | 42 ++++++------
> .../ecpg/test/expected/pgtypeslib-dt_test.stdout | 3 +-
> src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc | 30 +++++++++
> 5 files changed, 109 insertions(+), 48 deletions(-)
>
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
From | Date | Subject | |
---|---|---|---|
Next Message | Heikki Linnakangas | 2024-10-31 16:26:24 | pgsql: Fix refreshing physical relfilenumber on shared index |
Previous Message | Daniel Gustafsson | 2024-10-31 10:47:29 | pgsql: Remove duplicate words in comments |