pgsql: ecpg: Fix out-of-bound read in DecodeDateTime()
| От | Michael Paquier |
|---|---|
| Тема | pgsql: ecpg: Fix out-of-bound read in DecodeDateTime() |
| Дата | |
| Msg-id | E1t3OPn-001ySq-Qu@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
ecpg: Fix out-of-bound read in DecodeDateTime() It was possible for the code to read out-of-bound data from the "day_tab" table with some crafted input data. Let's treat these as invalid input as the month number is incorrect. A test is added to test this case with a check on the errno returned by the decoding routine. A test close to the new one added in this commit was testing for a failure, but did not look at the errno generated, so let's use this commit to also change it, adding a check on the errno returned by DecodeDateTime(). Like the other test scripts, dt_test should likely be expanded to include more checks based on the errnos generated in these code paths. This is left as future work. This issue exists since 2e6f97560a83, so backpatch all the way down. Reported-by: Pavel Nekrasov Author: Bruce Momjian, Pavel Nekrasov Discussion: https://postgr.es/m/18614-6bbe00117352309e@postgresql.org Backpatch-through: 12 Branch ------ REL_14_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/9a51d4af12a7add717f7f2e4b82985b3a7a092f4 Modified Files -------------- src/interfaces/ecpg/pgtypeslib/dt_common.c | 6 +- .../ecpg/test/expected/pgtypeslib-dt_test.c | 76 +++++++++++++++------- .../ecpg/test/expected/pgtypeslib-dt_test.stderr | 42 ++++++------ .../ecpg/test/expected/pgtypeslib-dt_test.stdout | 3 +- src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc | 30 +++++++++ 5 files changed, 109 insertions(+), 48 deletions(-)
В списке pgsql-committers по дате отправления: