Home > mailing lists

pgsql: Guard against overly-long numeric formatting symbols from locale - Mailing list pgsql-committers

From	Tom Lane
Subject	pgsql: Guard against overly-long numeric formatting symbols from locale
Date	April 22 19:41:15
Msg-id	E1wFadW-002Bey-23@gemulon.postgresql.org Whole thread
List	pgsql-committers

Tree view

Guard against overly-long numeric formatting symbols from locale.

to_char() allocates its output buffer with 8 bytes per formatting
code in the pattern.  If the locale's currency symbol, thousands
separator, or decimal or sign symbol is more than 8 bytes long,
in principle we could overrun the output buffer.  No such locales
exist in the real world, so it seems sufficient to truncate the
symbol if we do see it's too long.

Reported-by: Xint Code
Author: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/638232.1776790821@sss.pgh.pa.us
Backpatch-through: 14

Branch
------
REL_16_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/e1e60f148a3aa937f1bf92dd50bb4b24051fd0e2

Modified Files
--------------
src/backend/utils/adt/formatting.c | 61 +++++++++++++++++++++++++++-----------
1 file changed, 43 insertions(+), 18 deletions(-)

pgsql-committers by date:

From: Tom Lane
Date: 22 April, 19:02:25
Subject: pgsql: Prevent some buffer overruns in spell.c's parsing of affix files

From: Peter Geoghegan
Date: 22 April, 19:47:33
Subject: pgsql: Harmonize function parameter names for Postgres 19.

pgsql: Guard against overly-long numeric formatting symbols from locale - Mailing list pgsql-committers

Previous

Next