aboutsummaryrefslogtreecommitdiff
path: root/src/backend/utils/adt/xml.c
diff options
context:
space:
mode:
authorNathan Bossart <nathan@postgresql.org>2024-07-23 21:59:02 -0500
committerNathan Bossart <nathan@postgresql.org>2024-07-23 21:59:02 -0500
commit657e54a05859d51e0afb6e44557b5e8622ecd1fe (patch)
treec436647ced525977e85465d185d88d39e18cda71 /src/backend/utils/adt/xml.c
parent165ea79a60774a0e287bfc5dc07363194c6d58df (diff)
downloadpostgresql-657e54a05859d51e0afb6e44557b5e8622ecd1fe.tar.gz
postgresql-657e54a05859d51e0afb6e44557b5e8622ecd1fe.zip
Detect integer overflow in array_set_slice().
When provided an empty initial array, array_set_slice() fails to check for overflow when computing the new array's dimensions. While such overflows are ordinarily caught by ArrayGetNItems(), commands with the following form are accepted: INSERT INTO t (i[-2147483648:2147483647]) VALUES ('{}'); To fix, perform the hazardous computations using overflow-detecting arithmetic routines. As with commit 18b585155a, the added test cases generate errors that include a platform-dependent value, so we again use psql's VERBOSITY parameter to suppress printing the message text. Reported-by: Alexander Lakhin Author: Joseph Koshakow Reviewed-by: Jian He Discussion: https://postgr.es/m/31ad2cd1-db94-bdb3-f91a-65ffdb4bef95%40gmail.com Backpatch-through: 12
Diffstat (limited to 'src/backend/utils/adt/xml.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 19:36:22 +0000