Home > mailing lists

pgsql: Detect buffer underflow in get_th() - Mailing list pgsql-committers

From	Peter Eisentraut
Subject	pgsql: Detect buffer underflow in get_th()
Date	August 18 12:10:49
Msg-id	E1unvtA-000SVj-1U@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Detect buffer underflow in get_th()

Input with zero length can result in a buffer underflow when
accessing *(num + (len - 1)), as (len - 1) would produce a negative
index.  Add an assertion for zero-length input to prevent it.

This was found by ALT Linux Team.

Reviewing the call sites shows that get_th() currently cannot be
applied to an empty string: it is always called on a string containing
a number we've just printed.  Therefore, an assertion rather than a
user-facing error message is sufficient.

Co-authored-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Discussion: https://www.postgresql.org/message-id/flat/e22df993-cdb4-4d0a-b629-42211ebed582@altlinux.org

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/c61d51d50006a2a7bfe25d62ea0677e318febedc

Modified Files
--------------
src/backend/utils/adt/formatting.c | 2 ++
1 file changed, 2 insertions(+)

pgsql-committers by date:

From: Michael Paquier
Date: 18 August, 09:14:05
Subject: pgsql: Move SQL-callable code related to multixacts into its own file

pgsql: Detect buffer underflow in get_th() - Mailing list pgsql-committers

Previous