diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2016-10-14 16:28:34 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2016-10-14 16:28:34 -0400 |
| commit | 75c9d9a674a1feec3c02aa83e3f24275e6d4cba5 (patch) | |
| tree | 39c47f9b0cec5e102bb5bc58e1544b1e9381c471 /src/backend/utils/adt/json.c | |
| parent | 3cd504254f604a37adefc2bd9d43a0a6041463fd (diff) | |
| download | postgresql-75c9d9a674a1feec3c02aa83e3f24275e6d4cba5.tar.gz postgresql-75c9d9a674a1feec3c02aa83e3f24275e6d4cba5.zip | |
Fix assorted integer-overflow hazards in varbit.c.
bitshiftright() and bitshiftleft() would recursively call each other
infinitely if the user passed INT_MIN for the shift amount, due to integer
overflow in negating the shift amount. To fix, clamp to -VARBITMAXLEN.
That doesn't change the results since any shift distance larger than the
input bit string's length produces an all-zeroes result.
Also fix some places that seemed inadequately paranoid about input typmods
exceeding VARBITMAXLEN. While a typmod accepted by anybit_typmodin() will
certainly be much less than that, at least some of these spots are
reachable with user-chosen integer values.
Andreas Seltenreich and Tom Lane
Discussion: <87d1j2zqtz.fsf@credativ.de>
Diffstat (limited to 'src/backend/utils/adt/json.c')
0 files changed, 0 insertions, 0 deletions