pgsql: Predict integer overflow to avoid buffer overruns.

Predict integer overflow to avoid buffer overruns.

Several functions, mostly type input functions, calculated an allocation
size such that the calculation wrapped to a small positive value when
arguments implied a sufficiently-large requirement.  Writes past the end
of the inadvertent small allocation followed shortly thereafter.
Coverity identified the path_in() vulnerability; code inspection led to
the rest.  In passing, add check_stack_depth() to prevent stack overflow
in related functions.

Back-patch to 8.4 (all supported versions).  The non-comment hstore
changes touch code that did not exist in 8.4, so that part stops at 9.0.

Noah Misch and Heikki Linnakangas, reviewed by Tom Lane.

Security: CVE-2014-0064

Branch
------
REL9_0_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/2c3203e18551343db11ed9d372cd2a25d65d3f35

Modified Files
--------------
contrib/hstore/hstore.h              |   15 ++++++++++++---
contrib/hstore/hstore_io.c           |   21 +++++++++++++++++++++
contrib/hstore/hstore_op.c           |   15 +++++++++++++++
contrib/intarray/_int.h              |    2 ++
contrib/intarray/_int_bool.c         |    9 +++++++++
contrib/ltree/ltree.h                |    3 +++
contrib/ltree/ltree_io.c             |   11 +++++++++++
contrib/ltree/ltxtquery_io.c         |   13 ++++++++++++-
src/backend/utils/adt/geo_ops.c      |   30 ++++++++++++++++++++++++++++--
src/backend/utils/adt/tsquery.c      |    7 ++++++-
src/backend/utils/adt/tsquery_util.c |    5 +++++
src/backend/utils/adt/txid.c         |   15 +++++----------
src/backend/utils/adt/varbit.c       |   32 ++++++++++++++++++++++++++++++--
src/include/tsearch/ts_type.h        |    3 +++
src/include/utils/varbit.h           |    7 +++++++
15 files changed, 169 insertions(+), 19 deletions(-)