postgresql/src/backend
Tom Lane edc0a8d82a Detect integer overflow while computing new array dimensions.
array_set_element() and related functions allow an array to be
enlarged by assigning to subscripts outside the current array bounds.
While these places were careful to check that the new bounds are
allowable, they neglected to consider the risk of integer overflow
in computing the new bounds.  In edge cases, we could compute new
bounds that are invalid but get past the subsequent checks,
allowing bad things to happen.  Memory stomps that are potentially
exploitable for arbitrary code execution are possible, and so is
disclosure of server memory.

To fix, perform the hazardous computations using overflow-detecting
arithmetic routines, which fortunately exist in all still-supported
branches.

The test cases added for this generate (after patching) errors that
mention the value of MaxArraySize, which is platform-dependent.
Rather than introduce multiple expected-files, use psql's VERBOSITY
parameter to suppress the printing of the message text.  v11 psql
lacks that parameter, so omit the tests in that branch.

Our thanks to Pedro Gallegos for reporting this problem.

Security: CVE-2023-5869
2023-11-06 10:56:43 -05:00
access doc: 1-byte varlena headers can be used for user PLAIN storage 2023-10-31 09:10:35 -04:00
bootstrap Rethink definition of pg_attribute.attcompression. 2021-05-27 13:24:27 -04:00
catalog Fix checking of index expressions in CompareIndexInfo(). 2023-09-28 14:05:25 -04:00
commands Ensure we have a snapshot while dropping ON COMMIT DROP temp tables. 2023-10-16 14:06:11 -04:00
executor Fix intra-query memory leak when a SRF returns zero rows. 2023-10-28 14:04:43 -04:00
foreign Update copyright for 2021 2021-01-02 13:06:25 -05:00
jit jit: Changes for LLVM 17. 2023-10-19 05:16:00 +13:00
lib Fix lock assertions in dshash.c. 2022-07-11 15:47:12 +12:00
libpq Raise fixed token-length limit in hba.c. 2023-07-27 12:07:48 -04:00
main Fix outdated --help message for postgres -f 2022-08-15 13:37:38 +09:00
nodes Remove inappropriate raw_expression_tree_walker() code 2023-06-29 10:35:53 +02:00
optimizer Fix problems when a plain-inheritance parent table is excluded. 2023-10-24 14:48:34 -04:00
parser Compute aggregate argument types correctly in transformAggregateCall(). 2023-11-06 10:38:00 -05:00
partitioning Fix incorrect step generation in HASH partition pruning 2023-10-12 19:52:31 +13:00
po Translation updates 2023-11-06 13:19:51 +01:00
port Reject huge_pages=on if shared_memory_type=sysv. 2021-10-26 13:09:00 +13:00
postmaster Avoid calling proc_exit() in processes forked by system(). 2023-10-17 10:42:12 -05:00
regex Avoid character classification in regex escape parsing. 2023-04-21 08:20:32 -07:00
replication Fix uninitialized access to InitialRunningXacts during decoding after ERROR. 2023-09-12 10:12:51 +05:30
rewrite Fix typo in comment. 2023-06-16 10:19:33 +09:00
snowball In the Snowball dictionary, don't try to stem excessively-long words. 2022-08-31 10:42:05 -04:00
statistics Remove unnecessary code in dependency_is_compatible_expression(). 2023-03-14 11:10:45 -04:00
storage Ban role pg_signal_backend from more superuser backend types. 2023-11-06 06:14:17 -08:00
tcop Be more rigorous about local variables in PostgresMain(). 2023-07-10 12:14:34 -04:00
tsearch Limit to_tsvector_byid's initial array allocation to something sane. 2023-09-25 11:50:28 -04:00
utils Detect integer overflow while computing new array dimensions. 2023-11-06 10:56:43 -05:00
.gitignore Add .gitignore entries for AIX-specific intermediate build artifacts. 2015-07-08 20:44:22 -04:00
Makefile Use sort_template.h for qsort_tuple() and qsort_ssup(). 2021-03-03 17:02:32 +13:00
common.mk Remove PARTIAL_LINKING build mode. 2018-03-30 17:33:04 -07:00
nls.mk Translation updates 2021-09-20 16:23:13 +02:00