Avoid integer overflow and buffer overrun in hstore_to_json().
This back-patches commit 0c5783ff301ae3e470000c918bfc2395129de4c5 into the
9.3 branch. At the time, Heikki just thought he was fixing an unlikely
integer-overflow scenario, but in point of fact the original coding was
hopelessly broken: it supposed that escape_json never enlarges the data
more than 2X, which is wrong on its face. The revised code eliminates
making any a-priori assumptions about the output length.
Per report from Saul Costa. The bogus code doesn't exist before 9.3,
so no other branches need fixing.
Branch
------
REL9_3_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/f44290b7b3763f339ed66f883c0e85bb3c3c4e88
Modified Files
--------------
contrib/hstore/hstore_io.c | 150 ++++++++++++--------------------------------
1 file changed, 41 insertions(+), 109 deletions(-)