]> git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
projects / thirdparty / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 36f52a5)
Use palloc_array() in a few more places to avoid overflow
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:18:06 +0000 (21:18 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:27:55 +0000 (21:27 +0300)
These could overflow on 32-bit systems.

Backpatch-through: 14
Security: CVE-2026-6473

contrib/hstore_plperl/hstore_plperl.c patch | blob | blame | history
contrib/hstore_plpython/hstore_plpython.c patch | blob | blame | history

diff --git a/contrib/hstore_plperl/hstore_plperl.c b/contrib/hstore_plperl/hstore_plperl.c
index 69001191cc0ceb90c88c4eab6666b43bd224d037..996b46b148d85bff0b5e47934bfabbcb02dbdb85 100644 (file)
--- a/contrib/hstore_plperl/hstore_plperl.c
+++ b/contrib/hstore_plperl/hstore_plperl.c
@@ -122,7 +122,7 @@ plperl_to_hstore(PG_FUNCTION_ARGS)
 
        pcount = hv_iterinit(hv);
 
-       pairs = palloc(pcount * sizeof(Pairs));
+       pairs = palloc_array(Pairs, pcount);
 
        i = 0;
        while ((he = hv_iternext(hv)))
diff --git a/contrib/hstore_plpython/hstore_plpython.c b/contrib/hstore_plpython/hstore_plpython.c
index d2be030e07cb714b0711d75126427509d20e976c..f1e483980f4c773c0e83bacff5f7991d5e7de6e4 100644 (file)
--- a/contrib/hstore_plpython/hstore_plpython.c
+++ b/contrib/hstore_plpython/hstore_plpython.c
@@ -151,7 +151,7 @@ plpython_to_hstore(PG_FUNCTION_ARGS)
                Py_ssize_t      i;
                Pairs      *pairs;
 
-               pairs = palloc(pcount * sizeof(*pairs));
+               pairs = palloc_array(Pairs, pcount);
 
                for (i = 0; i < pcount; i++)
                {
Mirror of https://git.postgresql.org/git/postgresql.git