git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tomas Vondra <tomas.vondra@postgresql.org>
	Tue, 3 Dec 2019 15:55:51 +0000 (16:55 +0100)
committer	Tomas Vondra <tomas.vondra@postgresql.org>
	Tue, 3 Dec 2019 17:41:29 +0000 (18:41 +0100)
commit	267eb954cc96210985426aa31142ead37bfdc62c
tree	3393204d3c622a4afa4d0c8ca0c20db4ad4e7c14	tree
parent	8fd28a7baaccaba89987f9628632e9c39235c6b5	commit \| diff

Ensure maxlen is at leat 1 in dict_int

The dict_int text search dictionary template accepts maxlen parameter,
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does

txt[d->maxlen] = '\0';

to insert a terminator, leading to segfaults with negative values.

This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.

Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4

contrib/dict_int/dict_int.c		diff \| blob \| blame \| history
contrib/dict_int/expected/dict_int.out		diff \| blob \| blame \| history
contrib/dict_int/sql/dict_int.sql		diff \| blob \| blame \| history