forked from postgres/postgres
Commit bd28431
Guard against enormously long input in pg_saslprep().
Coverity complained that pg_saslprep() could suffer integer overflow, leading to under-allocation of the output buffer, if the input string exceeds SIZE_MAX/4. This hazard seems largely hypothetical, but it's easy enough to defend against, so let's do so.

This patch creates a third place in src/common/ where we are locally defining MaxAllocSize so that we can test against that in the same way in backend and frontend compiles. That seems like about two places too many, so the next patch will move that into common/fe_memutils.h. I'm hesitant to do that in back branches however.

Back-patch to v14. The code looks similar in older branches, but before commit 67a472d there was a separate test on the input string length that prevented this hazard.

Per Coverity report.

1 parent 6cfb3a3 commit bd28431
1 file changed: 7 additions & 0 deletions
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
21 | 21 |
| |
22 | 22 |
| |
23 | 23 |
| |
| 24 | + | |
24 | 25 |
| |
25 | 26 |
| |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
26 | 31 |
| |
27 | 32 |
| |
28 | 33 |
| |
| |||
1079 | 1084 |
| |
1080 | 1085 |
| |
1081 | 1086 |
| |
| 1087 | + | |
| 1088 | + | |
1082 | 1089 |
| |
1083 | 1090 |
| |
1084 | 1091 |
| |
|
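
The hazard the commit message describes, as an added example (not code from this commit or from PostgreSQL): a length above SIZE_MAX/4 wraps a 4-bytes-per-character size computation, and testing the length against an allocation ceiling before multiplying prevents the under-allocation. `codepoint_t`, the function names and the `+ 1` terminator slot are assumptions; `MAX_ALLOC_SIZE` uses the value of PostgreSQL's MaxAllocSize.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Local allocation ceiling; 0x3fffffff (1 GB - 1) is the value of PostgreSQL's MaxAllocSize. */
#define MAX_ALLOC_SIZE ((size_t) 0x3fffffff)

typedef uint32_t codepoint_t;	/* hypothetical 4-byte output element */

/* Unguarded size: unsigned arithmetic wraps once n_chars + 1 exceeds SIZE_MAX / 4. */
static size_t size_unchecked(size_t n_chars)
{
	return (n_chars + 1) * sizeof(codepoint_t);
}

/* Guarded size: reject the length before multiplying. Returns 0 on success, -1 if too long. */
static int size_checked(size_t n_chars, size_t *out)
{
	if (n_chars >= MAX_ALLOC_SIZE / sizeof(codepoint_t))
		return -1;
	*out = (n_chars + 1) * sizeof(codepoint_t);
	return 0;
}

/* Widen n_chars bytes into a zero-terminated code point array; NULL if too long or out of memory. */
static codepoint_t *widen(const unsigned char *in, size_t n_chars)
{
	size_t nbytes;
	codepoint_t *out;

	if (size_checked(n_chars, &nbytes) != 0 || (out = malloc(nbytes)) == NULL)
		return NULL;
	for (size_t i = 0; i < n_chars; i++)
		out[i] = in[i];
	out[n_chars] = 0;
	return out;
}

int main(void)
{
	size_t huge = SIZE_MAX / 4 + 1;	/* constructed length; no buffer of this size exists */
	printf("unchecked size for %zu chars: %zu bytes\n", huge, size_unchecked(huge));
	printf("checked: %s\n", widen((const unsigned char *) "", huge) ? "allocated" : "rejected");
	return 0;
}
```

Without the guard, the constructed length yields a 4-byte request while the copy loop would still write one element per input character.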