Re: pgsql-server/src/backend/utils/adt oracle_compat.c

Поиск
Список
Период
Сортировка
От Bruce Momjian
Тема Re: pgsql-server/src/backend/utils/adt oracle_compat.c
Дата
Msg-id 200208220505.g7M55S315291@candle.pha.pa.us
обсуждение исходный текст
Ответ на Re: pgsql-server/src/backend/utils/adt oracle_compat.c  (Neil Conway <neilc@samurai.com>)
Список pgsql-committers
Дерево обсуждения 
OK, updated patch attached.

---------------------------------------------------------------------------

Neil Conway wrote:
> momjian@postgresql.org (Bruce Momjian - CVS) writes:
> > Modified files:
> >     src/backend/utils/adt: oracle_compat.c
> >
> > Log message:
> >     repeat() fix:
> >
> >     > Neil Conway <neilc@samurai.com> writes:
> >     > > +   /* Check for integer overflow */
> >     > > +   if (tlen / slen != count)
> >     > > +           elog(ERROR, "Requested buffer is too large.");
> >     >
> >     > What about slen == 0?
> >
> >     Good point -- that wouldn't cause incorrect results or a security
> >     problem, but it would reject input that we should really accept.
> >
> >     Revised patch is attached.
>
> This is the wrong version of the patch -- please apply the updated
> patch I sent to -hackers (which is the same one I sent to you via
> private mal).
>
> Also, this should be applied to REL7_2_STABLE as well, IMHO.
>
> Cheers,
>
> Neil
>
> --
> Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/users-lounge/docs/faq.html
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
Index: src/backend/utils/adt/oracle_compat.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/oracle_compat.c,v
retrieving revision 1.37
diff -c -r1.37 oracle_compat.c
*** src/backend/utils/adt/oracle_compat.c    8 Jan 2002 17:03:41 -0000    1.37
--- src/backend/utils/adt/oracle_compat.c    21 Aug 2002 21:03:59 -0000
***************
*** 997,1002 ****
--- 997,1012 ----
      slen = (VARSIZE(string) - VARHDRSZ);
      tlen = (VARHDRSZ + (count * slen));

+     /* Check for integer overflow */
+     if (slen != 0 && count != 0)
+     {
+         int check = count * slen;
+         int check2 = check + VARHDRSZ;
+
+         if ((check / slen) != count || check2 <= check)
+             elog(ERROR, "Requested buffer is too large.");
+     }
+
      result = (text *) palloc(tlen);

      VARATT_SIZEP(result) = tlen;

В списке pgsql-committers по дате отправления: