Add guard code to protect from buffer overruns on long date/time input
Thomas G. Lockhart <lockhart@fourpalms.org>
Add guard code to protect from buffer overruns on long date/time input strings. Should go back in and look at doing this a bit more elegantly and (hopefully) cheaper. Probably not too bad anyway, but it seems a shame to scan the strings twice: once for length for this buffer overrun protection, and once to parse the line. Remove use of pow() in date/time handling; was already gone from everything *but* the time data types. Define macros for handling typmod manipulation for date/time types. Should be more robust than all of that brute-force inline code. Rename macros for masking and typmod manipulation to put TIMESTAMP_ or INTERVAL_ in front of the macro name, to reduce the possibility of name space collisions.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/utils/adt/date.c | modified | +80 −22 |
| src/backend/utils/adt/datetime.c | modified | +260 −249 |
| src/backend/utils/adt/format_type.c | modified | +29 −21 |
| src/backend/utils/adt/nabstime.c | modified | +5 −5 |
| src/backend/utils/adt/timestamp.c | modified | +44 −23 |
| src/backend/utils/adt/varlena.c | modified | +2 −2 |