mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2025-01-30 19:00:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

pg_freespacemap: Fix declaration of pg_freespace(regclass)

Browse Source 
This function called generate_series() without enforcing its input
argument types, making possible for an attacker to catch this call, by
defining for example a generate_series(int,bigint).

The internals of pg_freespace(regclass) are changed to force the use of
bigint for the inputs of generate_series().  A more consistent style is
applied for all its hardcoded values, while on it.

Issue introduced in 3f323eba89.

Reported-by: Noah Misch
Reviewed-by: Noah Misch
Discussion: https://postgr.es/m/20250106190428.ec.nmisch@google.com
This commit is contained in:
Michael Paquier 2025-01-08 13:16:43 +09:00
parent 3f482940db
commit e0c3d5122e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql
View File

@ -9,5 +9,5 @@ RETURNS SETOF RECORD
LANGUAGE SQL PARALLEL SAFE
BEGIN ATOMIC
SELECT blkno, pg_freespace($1, blkno) AS avail
FROM generate_series(0, pg_relation_size($1) / current_setting('block_size')::bigint - 1) AS blkno;
FROM generate_series('0'::bigint, pg_relation_size($1) / current_setting('block_size'::text)::bigint - '1'::bigint) AS blkno;
END;