c8h4/postgresql
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
postgresql/contrib/ltree
History
Noah Misch 31400a6733 Predict integer overflow to avoid buffer overruns. 
Several functions, mostly type input functions, calculated an allocation
size such that the calculation wrapped to a small positive value when
arguments implied a sufficiently-large requirement.  Writes past the end
of the inadvertent small allocation followed shortly thereafter.
Coverity identified the path_in() vulnerability; code inspection led to
the rest.  In passing, add check_stack_depth() to prevent stack overflow
in related functions.

Back-patch to 8.4 (all supported versions).  The non-comment hstore
changes touch code that did not exist in 8.4, so that part stops at 9.0.

Noah Misch and Heikki Linnakangas, reviewed by Tom Lane.

Security: CVE-2014-0064
2014-02-17 09:33:31 -05:00
..
data Add ltree data type to contrib, from Teodor Sigaev and Oleg Bartunov. 2002-07-30 16:40:34 +00:00
expected Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
sql Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
.gitignore Support "make check" in contrib 2011-04-25 22:27:11 +03:00
_ltree_gist.c Replace int2/int4 in C code with int16/int32 2012-06-25 01:51:46 +03:00
_ltree_op.c Remove unnecessary #include references, per pgrminclude script. 2011-09-01 10:04:27 -04:00
crc32.c Add postgres.h to *.c files for pg_upgrade, ltree, and btree_gist, and 2011-08-26 21:16:24 -04:00
crc32.h Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
lquery_op.c Remove unnecessary #include references, per pgrminclude script. 2011-09-01 10:04:27 -04:00
ltree--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
ltree--unpackaged--1.0.sql Throw a useful error message if an extension script file is fed to psql. 2011-10-12 15:45:03 -04:00
ltree.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
ltree.h Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltree_gist.c Replace int2/int4 in C code with int16/int32 2012-06-25 01:51:46 +03:00
ltree_io.c Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltree_op.c Split tuple struct defs from htup.h to htup_details.h 2012-08-30 16:52:35 -04:00
ltreetest.sql Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
ltxtquery_io.c Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltxtquery_op.c Remove unreachable code 2012-07-16 22:15:03 +03:00
Makefile Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00