-
- Downloads
Adjust datetime parsing to be more robust. We now pass the length of the
working buffer into ParseDateTime() and reject too-long input there, rather than checking the length of the input string before calling ParseDateTime(). The old method was bogus because ParseDateTime() can use a variable amount of working space, depending on the content of the input string (e.g. how many fields need to be NUL terminated). This fixes a minor stack overrun -- I don't _think_ it's exploitable, although I won't claim to be an expert. Along the way, fix a bug reported by Mark Dilger: the working buffer allocated by interval_in() was too short, which resulted in rejecting some perfectly valid interval input values. I added a regression test for this fix.
Showing
- src/backend/utils/adt/date.c 10 additions, 16 deletionssrc/backend/utils/adt/date.c
- src/backend/utils/adt/datetime.c 47 additions, 30 deletionssrc/backend/utils/adt/datetime.c
- src/backend/utils/adt/nabstime.c 7 additions, 11 deletionssrc/backend/utils/adt/nabstime.c
- src/backend/utils/adt/timestamp.c 10 additions, 16 deletionssrc/backend/utils/adt/timestamp.c
- src/include/utils/datetime.h 2 additions, 2 deletionssrc/include/utils/datetime.h
- src/test/regress/expected/interval.out 7 additions, 0 deletionssrc/test/regress/expected/interval.out
- src/test/regress/sql/interval.sql 3 additions, 0 deletionssrc/test/regress/sql/interval.sql
Loading
Please register or sign in to comment