Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcbe733d

Browse files
committed
repeat() fix:
> Neil Conway <neilc@samurai.com> writes:> > + /* Check for integer overflow */> > + if (tlen / slen != count)> > + elog(ERROR, "Requested buffer is too large.");>> What about slen == 0?Good point -- that wouldn't cause incorrect results or a securityproblem, but it would reject input that we should really accept.Revised patch is attached.Neil Conway
1 parentc76f5aa commitcbe733d

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

‎src/backend/utils/adt/oracle_compat.c‎

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
*$Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.38 2002/06/20 20:51:45 momjian Exp $
12+
*$Header: /cvsroot/pgsql/src/backend/utils/adt/oracle_compat.c,v 1.39 2002/08/22 04:54:20 momjian Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -997,6 +997,10 @@ repeat(PG_FUNCTION_ARGS)
997997
slen= (VARSIZE(string)-VARHDRSZ);
998998
tlen= (VARHDRSZ+ (count*slen));
999999

1000+
/* Check for integer overflow */
1001+
if (slen!=0&&count!=0&&tlen /slen!=count)
1002+
elog(ERROR,"Requested buffer is too large.");
1003+
10001004
result= (text*)palloc(tlen);
10011005

10021006
VARATT_SIZEP(result)=tlen;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp