]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0fb250d) | patch
Fix array overrun in ecpg's version of ParseDateTime().
authorTom Lane <tgl@sss.pgh.pa.us>
Tue, 7 Oct 2014 01:23:20 +0000 (21:23 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Tue, 7 Oct 2014 01:23:39 +0000 (21:23 -0400)
commitb513205bc3b13d5945743f41c9fd19b9b5a94ae8
tree11444d57b2a8fd4b2c317d76c574b6f7b5b050b3tree | snapshot
parent0fb250dae751c6b8f6f3587cdb610b180fb7125acommit | diff
Fix array overrun in ecpg's version of ParseDateTime().

The code wrote a value into the caller's field[] array before checking
to see if there was room, which of course is backwards.  Per report from
Michael Paquier.

I fixed the equivalent bug in the backend's version of this code way back
in 630684d3a130bb93, but failed to think about ecpg's copy.  Fortunately
this doesn't look like it would be exploitable for anything worse than a
core dump: an external attacker would have no control over the single word
that gets written.
src/interfaces/ecpg/pgtypeslib/dt_common.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.