OSSForks/postgres
1
0
Fork 0
mirror of https://github.com/zebrajr/postgres.git synced 2025-12-06 12:20:15 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
976bad0433
postgres/contrib/intarray
History
Tom Lane d1fd7b290c Prevent buffer overrun while parsing an integer in a "query_int" value. 
contrib/intarray's gettoken() uses a fixed-size buffer to collect an
integer's digits, and did not guard against overrunning the buffer.
This is at least a backend crash risk, and in principle might allow
arbitrary code execution.  The code didn't check for overflow of the
integer value either, which while not presenting a crash risk was still
bad.

Thanks to Apple Inc's security team for reporting this issue and supplying
the fix.

Security: CVE-2010-4015
2011-01-27 17:43:22 -05:00
..
bench Add CVS tag lines to files that were lacking them. 2006-03-11 04:38:42 +00:00
data 1. Fixed error with empty array ( '{}' ), 2001-08-04 19:35:32 +00:00
expected Remove ill-considered (not to mention undocumented) attempt to make 2007-09-14 03:25:31 +00:00
sql Remove ill-considered (not to mention undocumented) attempt to make 2007-09-14 03:25:31 +00:00
_int_bool.c Prevent buffer overrun while parsing an integer in a "query_int" value. 2011-01-27 17:43:22 -05:00
_int_gin.c Fix ginint4_queryextract() to actually do what it was intended to do for an 2010-03-25 15:50:15 +00:00
_int_gist.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int_op.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int_tool.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int.h 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
_int.sql.in Mark contrib's GiST and GIN opclass support functions as STRICT, for safety. 2009-06-11 18:30:03 +00:00
_intbig_gist.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
.gitignore Some more gitignore cleanups: cover contrib and PL regression test outputs. 2010-09-22 17:23:00 -04:00
Makefile Remove references to READMEs from /contrib Makefiles. 2007-11-10 23:59:52 +00:00
uninstall__int.sql Revert my patch of 2009-04-04 that removed contrib/intarray's definitions of 2009-06-07 20:09:34 +00:00