Log Message: ----------- Adjust datetime parsing to be more robust. We now pass the length of the working buffer into ParseDateTime() and reject too-long input there, rather than checking the length of the input string before calling ParseDateTime(). The old method was bogus because ParseDateTime() can use a variable amount of working space, depending on the content of the input string (e.g. how many fields need to be NUL terminated). This fixes a minor stack overrun -- I don't _think_ it's exploitable, although I won't claim to be an expert. Along the way, fix a bug reported by Mark Dilger: the working buffer allocated by interval_in() was too short, which resulted in rejecting some perfectly valid interval input values. I added a regression test for this fix. Tags: ---- REL8_0_STABLE Modified Files: -------------- pgsql/src/backend/utils/adt: date.c (r1.104.4.1 -> r1.104.4.2) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/date.c.diff?r1=1.104.4.1&r2=1.104.4.2) datetime.c (r1.137.4.1 -> r1.137.4.2) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/datetime.c.diff?r1=1.137.4.1&r2=1.137.4.2) nabstime.c (r1.127 -> r1.127.4.1) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/nabstime.c.diff?r1=1.127&r2=1.127.4.1) timestamp.c (r1.117.4.1 -> r1.117.4.2) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/timestamp.c.diff?r1=1.117.4.1&r2=1.117.4.2) pgsql/src/include/utils: datetime.h (r1.52 -> r1.52.4.1) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/datetime.h.diff?r1=1.52&r2=1.52.4.1) pgsql/src/test/regress/expected: interval.out (r1.9 -> r1.9.6.1) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/interval.out.diff?r1=1.9&r2=1.9.6.1) pgsql/src/test/regress/sql: interval.sql (r1.5 -> r1.5.8.1) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/interval.sql.diff?r1=1.5&r2=1.5.8.1)
pgsql-committers by date:
Соглашаюсь с условиями обработки персональных данных