postgresql/src/backend
Tom Lane e24daa94b2 Detect integer overflow while computing new array dimensions.
array_set_element() and related functions allow an array to be
enlarged by assigning to subscripts outside the current array bounds.
While these places were careful to check that the new bounds are
allowable, they neglected to consider the risk of integer overflow
in computing the new bounds.  In edge cases, we could compute new
bounds that are invalid but get past the subsequent checks,
allowing bad things to happen.  Memory stomps that are potentially
exploitable for arbitrary code execution are possible, and so is
disclosure of server memory.

To fix, perform the hazardous computations using overflow-detecting
arithmetic routines, which fortunately exist in all still-supported
branches.

The test cases added for this generate (after patching) errors that
mention the value of MaxArraySize, which is platform-dependent.
Rather than introduce multiple expected-files, use psql's VERBOSITY
parameter to suppress the printing of the message text.  v11 psql
lacks that parameter, so omit the tests in that branch.

Our thanks to Pedro Gallegos for reporting this problem.

Security: CVE-2023-5869
2023-11-06 10:56:43 -05:00
access doc: 1-byte varlena headers can be used for user PLAIN storage 2023-10-31 09:10:35 -04:00
archive Redesign archive modules 2023-02-17 14:26:42 +09:00
backup Message wording improvements 2023-07-10 10:46:54 +02:00
bootstrap Fix CREATE INDEX progress reporting for multi-level partitioning. 2023-03-25 15:34:03 -04:00
catalog Fix checking of index expressions in CompareIndexInfo(). 2023-09-28 14:05:25 -04:00
commands Make some error strings more generic 2023-10-20 22:52:15 +02:00
executor Fix intra-query memory leak when a SRF returns zero rows. 2023-10-28 14:04:43 -04:00
foreign Expand some more uses of "deleg" to "delegation" or "delegated". 2023-05-21 10:55:18 -04:00
jit jit: Changes for LLVM 17. 2023-10-19 05:14:07 +13:00
lib Fix ILIST_DEBUG build 2023-01-18 10:26:15 -08:00
libpq Avoid potential pfree on NULL on OpenSSL errors 2023-09-22 11:18:25 +02:00
main Remove obsolete defense against strxfrm() bugs. 2023-04-20 13:20:14 +12:00
nodes Don't include CaseTestExpr in JsonValueExpr.formatted_expr 2023-07-21 19:28:31 +09:00
optimizer Avoid compiler warning in non-assert builds 2023-10-26 17:29:32 +09:00
parser Compute aggregate argument types correctly in transformAggregateCall(). 2023-11-06 10:38:00 -05:00
partitioning Fix incorrect step generation in HASH partition pruning 2023-10-12 19:51:26 +13:00
po Translation updates 2023-11-06 13:10:09 +01:00
port Update copyright for 2023 2023-01-02 15:00:37 -05:00
postmaster Avoid calling proc_exit() in processes forked by system(). 2023-10-17 10:41:58 -05:00
regex Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
replication Fix the misuse of origin filter across multiple pg_logical_slot_get_changes() calls. 2023-09-27 14:20:57 +05:30
rewrite Fix RLS policy usage in MERGE. 2023-08-07 09:27:09 +01:00
snowball Fix the install rule for snowball_create.sql. 2023-05-23 11:15:57 -04:00
statistics Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
storage Ban role pg_signal_backend from more superuser backend types. 2023-11-06 06:14:16 -08:00
tcop Be more rigorous about local variables in PostgresMain(). 2023-07-10 12:14:34 -04:00
tsearch Limit to_tsvector_byid's initial array allocation to something sane. 2023-09-25 11:50:28 -04:00
utils Detect integer overflow while computing new array dimensions. 2023-11-06 10:56:43 -05:00
.gitignore
Makefile Give postgres.exe the icon of other executables. 2023-06-12 07:40:38 -07:00
common.mk Blind attempt to fix LLVM dependency in the backend 2022-09-15 10:53:48 +07:00
meson.build Add win32ver data to meson-built postgres.exe. 2023-06-12 07:40:38 -07:00
nls.mk Add missing gettext triggers 2023-05-10 13:51:51 +02:00