Fix assorted integer-overflow hazards in varbit.c.
bitshiftright() and bitshiftleft() would recursively call each other
infinitely if the user passed INT_MIN for the shift amount, due to integer
overflow in negating the shift amount. To fix, clamp to -VARBITMAXLEN.
That doesn't change the results since any shift distance larger than the
input bit string's length produces an all-zeroes result.
Also fix some places that seemed inadequately paranoid about input typmods
exceeding VARBITMAXLEN. While a typmod accepted by anybit_typmodin() will
certainly be much less than that, at least some of these spots are
reachable with user-chosen integer values.
Andreas Seltenreich and Tom Lane
Discussion: <87d1j2zqtz.fsf@credativ.de>
Branch
------
REL9_2_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/a567b7c11b311e4ea3a2668591b48ae52021961d
Modified Files
--------------
src/backend/utils/adt/varbit.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
