summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 283f095)
raw | patch | inline | side by side (parent: 283f095)
| author | Tomas Vondra <tomas.vondra@postgresql.org> | |
| Tue, 3 Dec 2019 15:55:51 +0000 (16:55 +0100) | ||
| committer | Tomas Vondra <tomas.vondra@postgresql.org> | |
| Tue, 3 Dec 2019 17:42:25 +0000 (18:42 +0100) |
The dict_int text search dictionary template accepts maxlen parameter,
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does
txt[d->maxlen] = '\0';
to insert a terminator, leading to segfaults with negative values.
This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.
Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4
which is then used to cap the length of input strings. The value was
not properly checked, and the code simply does
txt[d->maxlen] = '\0';
to insert a terminator, leading to segfaults with negative values.
This commit simply rejects values less than 1. The issue was there since
dct_int was introduced in 9.3, so backpatch all the way back to 9.4
which is the oldest supported version.
Reported-by: cili
Discussion: https://postgr.es/m/16144-a36a5bef7657047d@postgresql.org
Backpatch-through: 9.4
| contrib/dict_int/dict_int.c | patch | blob | blame | history | |
| contrib/dict_int/expected/dict_int.out | patch | blob | blame | history | |
| contrib/dict_int/sql/dict_int.sql | patch | blob | blame | history |
index 935dbd4c82c7fd7bf540ff30ea0a7ebc5dd2d6ed..b87739e99cfaa1de136ddb0b476ebfd22b9b3dc6 100644 (file)
if (pg_strcasecmp(defel->defname, "MAXLEN") == 0)
{
d->maxlen = atoi(defGetString(defel));
+
+ if (d->maxlen < 1)
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+ errmsg("maxlen value has to be >= 1")));
}
else if (pg_strcasecmp(defel->defname, "REJECTLONG") == 0)
{
index 3b766ec52ade4616d613b77fa646a285ab1221a7..483e700d23153826260941955409c00c4961f22e 100644 (file)
{314532}
(1 row)
+ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = -214783648);
+ERROR: maxlen value has to be >= 1
index 8ffec6b77089a45984068d7f38f693f450eefa90..5c27accff4a4ab9fb034c1f08d7db9c8c8b9362b 100644 (file)
select ts_lexize('intdict', '313425');
select ts_lexize('intdict', '641439323669');
select ts_lexize('intdict', '314532610153');
+
+ALTER TEXT SEARCH DICTIONARY intdict (MAXLEN = -214783648);