7ccb6dc2d3
contrib/intarray's gettoken() uses a fixed-size buffer to collect an integer's digits, and did not guard against overrunning the buffer. This is at least a backend crash risk, and in principle might allow arbitrary code execution. The code didn't check for overflow of the integer value either, which while not presenting a crash risk was still bad. Thanks to Apple Inc's security team for reporting this issue and supplying the fix. Security: CVE-2010-4015 |
||
|---|---|---|
| .. | ||
| bench | ||
| data | ||
| expected | ||
| sql | ||
| .gitignore | ||
| Makefile | ||
| _int.h | ||
| _int.sql.in | ||
| _int_bool.c | ||
| _int_gin.c | ||
| _int_gist.c | ||
| _int_op.c | ||
| _int_tool.c | ||
| _intbig_gist.c | ||
| uninstall__int.sql | ||