On Mon, 12 Aug 2002, Florian Weimer wrote:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
>
> > Justin Clift <justin@postgresql.org> writes:
> >> Am I understanding this right:
> >> - A PostgreSQL 7.2.1 server can be crashed if it gets passed certain
> >> date values which would be accepted by standard "front end" parsing?
> >
> > AFAIK it's a buffer overrun issue, so anything that looks like a
> > reasonable date would *not* cause the problem.
>
> Yes, but if you just check that the date given by the user matches the
> regular expression "[0-9]+-[0-9]+-[0-9]+", it's still possible to
> crash the backend.
Florian,
Anyone who is using that regular expression in an attempt to validate a
user supplied date is already in trouble.
Gavin