postgresql/src/include/utils
Tom Lane edc0a8d82a Detect integer overflow while computing new array dimensions.

array_set_element() and related functions allow an array to be
enlarged by assigning to subscripts outside the current array bounds.
While these places were careful to check that the new bounds are
allowable, they neglected to consider the risk of integer overflow
in computing the new bounds.  In edge cases, we could compute new
bounds that are invalid but get past the subsequent checks,
allowing bad things to happen.  Memory stomps that are potentially
exploitable for arbitrary code execution are possible, and so is
disclosure of server memory.

To fix, perform the hazardous computations using overflow-detecting
arithmetic routines, which fortunately exist in all still-supported
branches.

The test cases added for this generate (after patching) errors that
mention the value of MaxArraySize, which is platform-dependent.
Rather than introduce multiple expected-files, use psql's VERBOSITY
parameter to suppress the printing of the message text.  v11 psql
lacks that parameter, so omit the tests in that branch.

Our thanks to Pedro Gallegos for reporting this problem.

Security: CVE-2023-5869
2023-11-06 10:56:43 -05:00
.gitignore Revert "Add gitignore entries for jsonpath_gram.h" 2019-03-23 00:19:34 +01:00
acl.h Fix has_column_privilege function corner case 2021-03-31 13:55:25 -04:00
aclchk_internal.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
array.h Detect integer overflow while computing new array dimensions. 2023-11-06 10:56:43 -05:00
arrayaccess.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
ascii.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
attoptcache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
backend_progress.h Initial pgindent and pgperltidy run for v14. 2021-05-12 13:14:10 -04:00
backend_status.h Initial pgindent and pgperltidy run for v14. 2021-05-12 13:14:10 -04:00
builtins.h Fix ordering of XIDs in ProcArrayApplyRecoveryInfo 2022-01-27 20:15:37 +01:00
bytea.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
cash.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
catcache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
combocid.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
date.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
datetime.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
datum.h Allow Memoize to operate in binary comparison mode 2021-11-24 10:07:38 +13:00
dsa.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
dynahash.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
elog.h Avoid calling proc_exit() in processes forked by system(). 2023-10-17 10:42:12 -05:00
evtcache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
expandeddatum.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
expandedrecord.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
float.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
fmgrtab.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
formatting.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
freepage.h Fix relptr's encoding of the base address. 2022-06-27 11:45:03 +12:00
geo_decls.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
guc.h Allow compute_query_id to be set to 'auto' and make it default 2021-05-15 14:13:09 -04:00
guc_tables.h Be more wary about NULL values for GUC string variables. 2023-11-02 11:47:33 -04:00
help_config.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
hsearch.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
index_selfuncs.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
inet.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
int8.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
inval.h Avoid race in RelationBuildDesc() affecting CREATE INDEX CONCURRENTLY. 2021-10-23 18:36:42 -07:00
json.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
jsonb.h Implementation of subscripting for jsonb 2021-01-31 23:50:40 +03:00
jsonfuncs.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
jsonpath.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
logtape.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
lsyscache.h Preserve pg_attribute.attstattarget across REINDEX CONCURRENTLY 2021-02-10 13:06:48 +09:00
memdebug.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
memutils.h Add function to log the memory contexts of specified backend process. 2021-04-06 13:44:15 +09:00
multirangetypes.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
numeric.h Change return type of EXTRACT to numeric 2021-04-06 07:20:42 +02:00
old_snapshot.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
palloc.h Expand palloc/pg_malloc API for more type safety 2022-09-14 06:08:34 +02:00
partcache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
pg_crc.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
pg_locale.h Revert per-index collation version tracking feature. 2021-05-07 21:10:11 +12:00
pg_lsn.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
pg_rusage.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
pidfile.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
plancache.h Improve performance of repeated CALLs within plpgsql procedures. 2021-01-25 22:28:29 -05:00
portal.h Fix Portal snapshot tracking to handle subtransactions properly. 2021-10-01 11:10:12 -04:00
ps_status.h Refactor ps_status.c API 2020-03-11 16:38:31 +01:00
queryenvironment.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
queryjumble.h Add compute_query_id = regress 2022-02-22 10:23:49 +09:00
rangetypes.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
regproc.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
rel.h Make our back branches build under -fkeep-inline-functions. 2023-01-20 11:58:12 -05:00
relcache.h Avoid race in RelationBuildDesc() affecting CREATE INDEX CONCURRENTLY. 2021-10-23 18:36:42 -07:00
relfilenodemap.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
relmapper.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
relptr.h Fix relptr's encoding of the base address. 2022-06-27 11:45:03 +12:00
reltrigger.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
resowner.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
resowner_private.h Refactor HMAC implementations 2021-04-03 17:30:49 +09:00
rls.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
ruleutils.h pageinspect: Fix gist_page_items() with included columns 2023-05-19 12:38:18 +09:00
sampling.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
selfuncs.h Initial pgindent and pgperltidy run for v14. 2021-05-12 13:14:10 -04:00
sharedtuplestore.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
snapmgr.h Make our back branches build under -fkeep-inline-functions. 2023-01-20 11:58:12 -05:00
snapshot.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
sortsupport.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
spccache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
syscache.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
timeout.h Detect POLLHUP/POLLRDHUP while running queries. 2021-04-03 09:02:41 +13:00
timestamp.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
tuplesort.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
tuplestore.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
typcache.h Fix typo 2021-08-25 10:15:05 +02:00
tzparser.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
uuid.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
varbit.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
varlena.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
wait_event.h Fix waiting in RegisterSyncRequest(). 2022-03-16 15:35:42 +13:00
xid8.h Update copyright for 2021 2021-01-02 13:06:25 -05:00
xml.h Update copyright for 2021 2021-01-02 13:06:25 -05:00