]> git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
projects / thirdparty / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 05e73b5)
Use palloc_array() in a few more places to avoid overflow
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:18:06 +0000 (21:18 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:28:46 +0000 (21:28 +0300)
These could overflow on 32-bit systems.

Backpatch-through: 14
Security: CVE-2026-6473

contrib/hstore_plperl/hstore_plperl.c patch | blob | blame | history
contrib/hstore_plpython/hstore_plpython.c patch | blob | blame | history

diff --git a/contrib/hstore_plperl/hstore_plperl.c b/contrib/hstore_plperl/hstore_plperl.c
index 31393b4fa504d3d2e5c0bd9f0d14d8540d590c1c..2727a5f2ceb3db68b70f96a11d459d93981343c8 100644 (file)
--- a/contrib/hstore_plperl/hstore_plperl.c
+++ b/contrib/hstore_plperl/hstore_plperl.c
@@ -121,7 +121,7 @@ plperl_to_hstore(PG_FUNCTION_ARGS)
 
        pcount = hv_iterinit(hv);
 
-       pairs = palloc(pcount * sizeof(Pairs));
+       pairs = palloc_array(Pairs, pcount);
 
        i = 0;
        while ((he = hv_iternext(hv)))
diff --git a/contrib/hstore_plpython/hstore_plpython.c b/contrib/hstore_plpython/hstore_plpython.c
index e2bfc6da38e18230cef9f62b33783786090bf5cb..b0af13945bbb83df343fd69cc25824e3c9d5fad3 100644 (file)
--- a/contrib/hstore_plpython/hstore_plpython.c
+++ b/contrib/hstore_plpython/hstore_plpython.c
@@ -150,7 +150,7 @@ plpython_to_hstore(PG_FUNCTION_ARGS)
                Py_ssize_t      i;
                Pairs      *pairs;
 
-               pairs = palloc(pcount * sizeof(*pairs));
+               pairs = palloc_array(Pairs, pcount);
 
                for (i = 0; i < pcount; i++)
                {
Mirror of https://git.postgresql.org/git/postgresql.git