]> git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
projects / thirdparty / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fc1fd3d)
Use palloc_array() in a few more places to avoid overflow
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:18:06 +0000 (21:18 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Mon, 11 May 2026 18:29:18 +0000 (21:29 +0300)
These could overflow on 32-bit systems.

Backpatch-through: 14
Security: CVE-2026-6473

contrib/hstore_plperl/hstore_plperl.c patch | blob | blame | history
contrib/hstore_plpython/hstore_plpython.c patch | blob | blame | history

diff --git a/contrib/hstore_plperl/hstore_plperl.c b/contrib/hstore_plperl/hstore_plperl.c
index 417b721cff9ae63545b43595d7966e835d96ca0e..f4c742edfa96cbd7526e2a79361ce80936d000f8 100644 (file)
--- a/contrib/hstore_plperl/hstore_plperl.c
+++ b/contrib/hstore_plperl/hstore_plperl.c
@@ -121,7 +121,7 @@ plperl_to_hstore(PG_FUNCTION_ARGS)
 
        pcount = hv_iterinit(hv);
 
-       pairs = palloc(pcount * sizeof(Pairs));
+       pairs = palloc_array(Pairs, pcount);
 
        i = 0;
        while ((he = hv_iternext(hv)))
diff --git a/contrib/hstore_plpython/hstore_plpython.c b/contrib/hstore_plpython/hstore_plpython.c
index 4b3ef025f2eb90007535ecadc855da40541dad01..de89511994c831fa924451c2533be875bfa341ea 100644 (file)
--- a/contrib/hstore_plpython/hstore_plpython.c
+++ b/contrib/hstore_plpython/hstore_plpython.c
@@ -149,7 +149,7 @@ plpython_to_hstore(PG_FUNCTION_ARGS)
                Py_ssize_t      i;
                Pairs      *pairs;
 
-               pairs = palloc(pcount * sizeof(*pairs));
+               pairs = palloc_array(Pairs, pcount);
 
                for (i = 0; i < pcount; i++)
                {
Mirror of https://git.postgresql.org/git/postgresql.git