repeat_fix-3.patch

text/x-patch

Filename: repeat_fix-3.patch
Type: text/x-patch
Part: 0
Message: Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)

Patch

Same data as JSON: GET /api/v1/attachments/:id/patch the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes. API reference →
Format: context
File+
src/backend/utils/adt/oracle_compat.c 10 0
Index: src/backend/utils/adt/oracle_compat.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/utils/adt/oracle_compat.c,v
retrieving revision 1.37
diff -c -r1.37 oracle_compat.c
*** src/backend/utils/adt/oracle_compat.c	8 Jan 2002 17:03:41 -0000	1.37
--- src/backend/utils/adt/oracle_compat.c	21 Aug 2002 21:03:59 -0000
***************
*** 997,1002 ****
--- 997,1012 ----
  	slen = (VARSIZE(string) - VARHDRSZ);
  	tlen = (VARHDRSZ + (count * slen));
  
+ 	/* Check for integer overflow */
+ 	if (slen != 0 && count != 0)
+ 	{
+ 		int check = count * slen;
+ 		int check2 = check + VARHDRSZ;
+ 
+ 		if ((check / slen) != count || check2 <= check)
+ 			elog(ERROR, "Requested buffer is too large.");
+ 	}
+ 
  	result = (text *) palloc(tlen);
  
  	VARATT_SIZEP(result) = tlen;