mirror of https://github.com/postgres/postgres.git synced 2025-10-16 17:07:43 +03:00

Detect buffer underflow in get_th()

Input with zero length can result in a buffer underflow when
accessing *(num + (len - 1)), as (len - 1) would produce a negative
index.  Add an assertion for zero-length input to prevent it.

This was found by ALT Linux Team.

Reviewing the call sites shows that get_th() currently cannot be
applied to an empty string: it is always called on a string containing
a number we've just printed.  Therefore, an assertion rather than a
user-facing error message is sufficient.

Co-authored-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Discussion: https://www.postgresql.org/message-id/flat/e22df993-cdb4-4d0a-b629-42211ebed582@altlinux.org
Peter Eisentraut
2025-08-18 11:03:22 +02:00
parent df9133fa63
commit c61d51d500

@@ -1565,6 +1565,8 @@ get_th(char *num, int type)
int len = strlen(num),
last;
Assert(len > 0);
last = *(num + (len - 1));
if (!isdigit((unsigned char) last))
ereport(ERROR,
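
Review bot: The `Assert(len > 0);` placed ahead of `last = *(num + (len - 1));` is compiled out in builds without assertion checking, so in a production build an empty `num` would still read one byte before the start of the buffer. The very next statement already raises `ereport(ERROR,` when the last character is not a digit, so a runtime `len == 0` test could share that error path at negligible cost. If the assertion is kept as is, state the non-empty precondition in the header comment of get_th() so that a future caller sees the contract without reading the body.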