postgresql/src/test
Tom Lane e24daa94b2 Detect integer overflow while computing new array dimensions.
array_set_element() and related functions allow an array to be
enlarged by assigning to subscripts outside the current array bounds.
While these places were careful to check that the new bounds are
allowable, they neglected to consider the risk of integer overflow
in computing the new bounds.  In edge cases, we could compute new
bounds that are invalid but get past the subsequent checks,
allowing bad things to happen.  Memory stomps that are potentially
exploitable for arbitrary code execution are possible, and so is
disclosure of server memory.

To fix, perform the hazardous computations using overflow-detecting
arithmetic routines, which fortunately exist in all still-supported
branches.

The test cases added for this generate (after patching) errors that
mention the value of MaxArraySize, which is platform-dependent.
Rather than introduce multiple expected-files, use psql's VERBOSITY
parameter to suppress the printing of the message text.  v11 psql
lacks that parameter, so omit the tests in that branch.

Our thanks to Pedro Gallegos for reporting this problem.

Security: CVE-2023-5869
2023-11-06 10:56:43 -05:00
authentication Refactor routine to find single log content pattern in TAP tests 2023-06-09 11:56:27 +09:00
examples Update copyright for 2023 2023-01-02 15:00:37 -05:00
icu initdb: change default --locale-provider back to libc. 2023-06-21 11:10:03 -07:00
isolation Fix EvalPlanQual rechecking during MERGE. 2023-09-30 10:54:29 +01:00
kerberos Spell the values of libpq's gssdelegation parameter as "0" and "1". 2023-05-22 11:50:27 -04:00
ldap Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
locale Update copyright for 2023 2023-01-02 15:00:37 -05:00
mb Fix MB regression tests for WAL-logging of hash indexes. 2017-03-15 07:25:36 -04:00
modules Fix 003_check_guc.pl when loading modules with custom GUCs 2023-11-02 12:38:23 +09:00
perl Don't trust unvalidated xl_tot_len. 2023-09-23 10:27:02 +12:00
recovery Fix edge-case for xl_tot_len broken by bae868ca. 2023-09-26 10:53:52 +13:00
regress Detect integer overflow while computing new array dimensions. 2023-11-06 10:56:43 -05:00
ssl Add newline at end of file 2023-05-23 15:18:06 +02:00
subscription Fix the ALTER SUBSCRIPTION to reflect the change in run_as_owner option. 2023-09-13 09:48:31 +05:30
Makefile Refactor PG_TEST_EXTRA logic in autoconf build 2022-09-20 11:24:16 -07:00
README Remove the option to build thread_test.c outside configure. 2020-10-21 12:08:48 -04:00
meson.build Update copyright for 2023 2023-01-02 15:00:37 -05:00

README

PostgreSQL tests
================

This directory contains a variety of test infrastructure as well as some of the
tests in PostgreSQL. Not all tests are here -- in particular, there are more in
individual contrib/ modules and in src/bin.

Not all these tests get run by "make check". Check src/test/Makefile to see
which tests get run automatically.

authentication/
  Tests for authentication (but see also below)

examples/
  Demonstration programs for libpq that double as regression tests via
  "make check"

isolation/
  Tests for concurrent behavior at the SQL level

kerberos/
  Tests for Kerberos/GSSAPI authentication and encryption

ldap/
  Tests for LDAP-based authentication

locale/
  Sanity checks for locale data, encodings, etc.

mb/
  Tests for multibyte encoding (UTF-8) support

modules/
  Extensions used only or mainly for test purposes, generally not suitable
  for installing in production databases

perl/
  Infrastructure for Perl-based TAP tests

recovery/
  Test suite for recovery and replication

regress/
  PostgreSQL's main regression test suite, pg_regress

ssl/
  Tests to exercise and verify SSL certificate handling

subscription/
  Tests for logical replication