Home > mailing lists

pgsql: to_char(): prevent writing beyond the allocated buffer - Mailing list pgsql-committers

From	Bruce Momjian
Subject	pgsql: to_char(): prevent writing beyond the allocated buffer
Date	February 7, 2015 05:16:19
Msg-id	E1YIIVa-0008Of-Lo@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

to_char():  prevent writing beyond the allocated buffer

Previously very long localized month and weekday strings could
overflow the allocated buffers, causing a server crash.

Reported and patch reviewed by Noah Misch.  Backpatch to all
supported versions.

Security: CVE-2015-0241

Branch
------
REL9_4_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/56d2bee9db219b21592c6fef9d29ce1d5e3c6c59

Modified Files
--------------
src/backend/utils/adt/formatting.c |  139 ++++++++++++++++++++++++++++++++----
1 file changed, 125 insertions(+), 14 deletions(-)

pgsql-committers by date:

From: Noah Misch
Date: 07 February 2015, 05:16:11
Subject: pgsql: Cherry-pick security-relevant fixes from upstream imath library.

From: Bruce Momjian
Date: 07 February 2015, 05:16:32
Subject: pgsql: to_char(): prevent writing beyond the allocated buffer

pgsql: to_char(): prevent writing beyond the allocated buffer - Mailing list pgsql-committers

Previous

Next