mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-04 18:16:59 +02:00
2c63dc0356
When processing a match tag, check to see if the claimed "off" is more than the distance back to the output buffer start. If it is, then the data is corrupt, and what's more we would fetch from outside the buffer boundaries and potentially incur a SIGSEGV. (Although the odds of that seem relatively low, given that "off" can't be more than 4K.) Back-patch to v13; before that, this function wasn't really trying to protect against bad data. Report and fix by Flavien Guedez. Discussion: https://postgr.es/m/01fc0593-e31e-463d-902c-dd43174acee2@oopacity.net |
||
---|---|---|
.. | ||
unicode | ||
.gitignore | ||
archive.c | ||
base64.c | ||
checksum_helper.c | ||
config_info.c | ||
controldata_utils.c | ||
cryptohash_openssl.c | ||
cryptohash.c | ||
d2s_full_table.h | ||
d2s_intrinsics.h | ||
d2s.c | ||
digit_table.h | ||
encnames.c | ||
exec.c | ||
f2s.c | ||
fe_memutils.c | ||
file_perm.c | ||
file_utils.c | ||
hashfn.c | ||
hmac_openssl.c | ||
hmac.c | ||
ip.c | ||
jsonapi.c | ||
keywords.c | ||
kwlookup.c | ||
link-canary.c | ||
logging.c | ||
Makefile | ||
md5_common.c | ||
md5_int.h | ||
md5.c | ||
pg_get_line.c | ||
pg_lzcompress.c | ||
pgfnames.c | ||
protocol_openssl.c | ||
psprintf.c | ||
relpath.c | ||
restricted_token.c | ||
rmtree.c | ||
ryu_common.h | ||
saslprep.c | ||
scram-common.c | ||
sha1_int.h | ||
sha1.c | ||
sha2_int.h | ||
sha2.c | ||
sprompt.c | ||
string.c | ||
stringinfo.c | ||
unicode_norm.c | ||
username.c | ||
wait_error.c | ||
wchar.c |