postgresql/contrib/ltree
Noah Misch 31400a6733 Predict integer overflow to avoid buffer overruns.
Several functions, mostly type input functions, calculated an allocation
size such that the calculation wrapped to a small positive value when
arguments implied a sufficiently-large requirement.  Writes past the end
of the inadvertent small allocation followed shortly thereafter.
Coverity identified the path_in() vulnerability; code inspection led to
the rest.  In passing, add check_stack_depth() to prevent stack overflow
in related functions.

Back-patch to 8.4 (all supported versions).  The non-comment hstore
changes touch code that did not exist in 8.4, so that part stops at 9.0.

Noah Misch and Heikki Linnakangas, reviewed by Tom Lane.

Security: CVE-2014-0064
2014-02-17 09:33:31 -05:00
..
data
expected
sql
_ltree_gist.c
_ltree_op.c
.gitignore
crc32.c
crc32.h
lquery_op.c
ltree_gist.c
ltree_io.c Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltree_op.c Split tuple struct defs from htup.h to htup_details.h 2012-08-30 16:52:35 -04:00
ltree--1.0.sql
ltree--unpackaged--1.0.sql
ltree.control
ltree.h Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltreetest.sql
ltxtquery_io.c Predict integer overflow to avoid buffer overruns. 2014-02-17 09:33:31 -05:00
ltxtquery_op.c Remove unreachable code 2012-07-16 22:15:03 +03:00
Makefile