git.postgresql.org Git - users/gsingh/postgres.git/commit

author	Tomas Vondra <tomas.vondra@postgresql.org>
	Tue, 3 Dec 2019 15:55:51 +0000 (16:55 +0100)
committer	Tomas Vondra <tomas.vondra@postgresql.org>
	Tue, 3 Dec 2019 17:40:07 +0000 (18:40 +0100)
commit	b5273943679d22f58f1e1e269ad75e791172f557
tree	3b3128f7be41bbe50d55b9acb79b36efcd36e652	tree
parent	bf39b3af6a9c6a036aae0742cf339fce662eee3a	commit \| diff

Ensure maxlen is at leat 1 in dict_int

The dict_int text search dictionary template accepts maxlen parameter,
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does

txt[d->maxlen] = '\0';

to insert a terminator, leading to segfaults with negative values.

This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.

Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4

contrib/dict_int/dict_int.c		diff \| blob \| blame \| history
contrib/dict_int/expected/dict_int.out		diff \| blob \| blame \| history
contrib/dict_int/sql/dict_int.sql		diff \| blob \| blame \| history