Re: pgsql: ecpg: Fix out-of-bound read in DecodeDateTime()
From | Bruce Momjian |
---|---|
Subject | Re: pgsql: ecpg: Fix out-of-bound read in DecodeDateTime() |
Date | |
Msg-id | ZyOX1OhWgrTHS4G-@momjian.us |
In response to | pgsql: ecpg: Fix out-of-bound read in DecodeDateTime() (Michael Paquier <michael@paquier.xyz>) |
List | pgsql-committers |
Great, thanks for applying this. I was traveling so am only now back to
looking at this.

---------------------------------------------------------------------------

On Tue, Oct 22, 2024 at 11:35:51PM +0000, Michael Paquier wrote:
> ecpg: Fix out-of-bound read in DecodeDateTime()
>
> It was possible for the code to read out-of-bound data from the
> "day_tab" table with some crafted input data. Let's treat these as
> invalid input as the month number is incorrect.
>
> A test is added to test this case with a check on the errno returned by
> the decoding routine. A test close to the new one added in this commit
> was testing for a failure, but did not look at the errno generated, so
> let's use this commit to also change it, adding a check on the errno
> returned by DecodeDateTime().
>
> Like the other test scripts, dt_test should likely be expanded to
> include more checks based on the errnos generated in these code paths.
> This is left as future work.
>
> This issue exists since 2e6f97560a83, so backpatch all the way down.
>
> Reported-by: Pavel Nekrasov
> Author: Bruce Momjian, Pavel Nekrasov
> Discussion: https://postgr.es/m/18614-6bbe00117352309e@postgresql.org
> Backpatch-through: 12
>
> Branch
> ------
> master
>
> Details
> -------
> https://git.postgresql.org/pg/commitdiff/a0bff38d133ac95fb56bbd868a128bba95ec46c9
>
> Modified Files
> --------------
> src/interfaces/ecpg/pgtypeslib/dt_common.c | 6 +-
> .../ecpg/test/expected/pgtypeslib-dt_test.c | 76 +++++++++++++++-------
> .../ecpg/test/expected/pgtypeslib-dt_test.stderr | 42 ++++++------
> .../ecpg/test/expected/pgtypeslib-dt_test.stdout | 3 +-
> src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc | 30 +++++++++
> 5 files changed, 109 insertions(+), 48 deletions(-)
>

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

When a patient asks the doctor, "Am I going to die?", he means
"Am I going to die soon?"
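
The commit message quoted above describes a read past a days-per-month table when the month number taken from the input is out of range. The C program below is an added example, not code from the PostgreSQL commit or from this thread; the table layout and the names `is_leap`, `validate_ymd_unchecked` and `validate_ymd` are assumptions chosen for illustration, and the sample dates are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

#define MONTHS_PER_YEAR 12

/* Assumed layout: row 0 = common year, row 1 = leap year. */
static const int day_tab[2][MONTHS_PER_YEAR] = {
    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}
};

static bool is_leap(int year)
{
    return (year % 4 == 0) && (year % 100 != 0 || year % 400 == 0);
}

/*
 * Unchecked form (hypothetical): the month is used as an index without
 * validation, so month 0 or 13 makes day_tab[..][month - 1] fall outside
 * the row. Only safe when the caller already guarantees 1..12.
 */
int validate_ymd_unchecked(int year, int month, int day)
{
    if (day < 1 || day > day_tab[is_leap(year) ? 1 : 0][month - 1])
        return -1;
    return 0;
}

/*
 * Checked form (hypothetical): an out-of-range month is treated as
 * invalid input before it can be used as a table index.
 * Returns 0 for a valid date, -1 otherwise.
 */
int validate_ymd(int year, int month, int day)
{
    if (month < 1 || month > MONTHS_PER_YEAR)
        return -1;
    return validate_ymd_unchecked(year, month, day);
}

int main(void)
{
    /* Constructed inputs: {year, month, day}. */
    const int samples[][3] = {{2024, 2, 29}, {2023, 2, 29}, {2024, 0, 10}, {2024, 13, 10}};
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%04d-%02d-%02d -> %d\n", samples[i][0], samples[i][1], samples[i][2],
               validate_ymd(samples[i][0], samples[i][1], samples[i][2]));
    return 0;
}
```
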