mirror of https://github.com/postgres/postgres.git synced 2025-12-19 17:02:53 +03:00

Go to file

Jacob Champion f5999f0181 libpq: Prevent some overflows of int/size_t

Several functions could overflow their size calculations, when presented
with very large inputs from remote and/or untrusted locations, and then
allocate buffers that were too small to hold the intended contents.

Switch from int to size_t where appropriate, and check for overflow
conditions when the inputs could have plausibly originated outside of
the libpq trust boundary. (Overflows from within the trust boundary are
still possible, but these will be fixed separately.) A version of
add_size() is ported from the backend to assist with code that performs
more complicated concatenation.

Reported-by: Aleksey Solovev (Positive Technologies)
Reviewed-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Álvaro Herrera <alvherre@kurilemu.de>
Security: CVE-2025-12818
Backpatch-through: 13

2025-11-10 06:03:03 -08:00

config

Don't put library-supplied -L/-I switches before user-supplied ones.

2025-07-29 15:17:41 -04:00

contrib

postgres_fdw: Add more test coverage for EvalPlanQual testing.

2025-11-06 12:15:02 +09:00

doc

Release notes for 18.1, 17.7, 16.11, 15.15, 14.20, 13.23.

2025-11-09 12:30:08 -05:00

src

libpq: Prevent some overflows of int/size_t

2025-11-10 06:03:03 -08:00

.abi-compliance-history

Add commit 24f6c1bd4 to v17 .abi-compliance-history.

2025-10-22 11:13:00 -04:00

.cirrus.star

ci: Simplify ci-os-only handling

2025-08-14 12:02:42 -04:00

.cirrus.tasks.yml

ci: Add missing "set -e" to scripts run by su.

2025-11-06 14:18:16 +13:00

.cirrus.yml

ci: Per-repo configuration for manually trigger tasks

2025-08-14 11:33:47 -04:00

.dir-locals.el

Make Emacs perl-mode indent more like perltidy.

2019-01-13 11:32:31 -08:00

.editorconfig

Add .editorconfig

2019-12-18 09:13:13 +01:00

.git-blame-ignore-revs

Add previous commit to .git-blame-ignore-revs.

2025-10-21 10:02:19 -05:00

.gitattributes

Fix git whitespace warning

2025-08-15 10:32:07 +02:00

.gitignore

Update top-level .gitignore.

2022-12-04 15:23:00 -05:00

aclocal.m4

autoconf: Move export_dynamic determination to configure

2022-12-06 18:55:28 -08:00

configure

Stamp 17.6.

2025-08-11 17:04:51 -04:00

configure.ac

Stamp 17.6.

2025-08-11 17:04:51 -04:00

Align organization wording in copyright statement

2025-05-16 11:20:07 -04:00

GNUmakefile.in

Allow selecting the git revision to be packaged by "make dist".

2024-05-03 11:08:50 -04:00

HISTORY

Canonicalize some URLs

2020-02-10 20:47:50 +01:00

Makefile

Adapt REL_17_STABLE to its new status as a stable branch

2024-07-01 08:05:35 +09:00

meson_options.txt

Allow selecting the git revision to be packaged by "make dist".

2024-05-03 11:08:50 -04:00

meson.build

Fix meson build with -Duuid=ossp when using version older than 0.60

2025-09-22 08:03:28 +09:00

README.md

Adapt REL_17_STABLE to its new status as a stable branch

2024-07-01 08:05:35 +09:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/17/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/17/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.

Languages

C 84.9%

PLpgSQL 6.2%

Perl 4.6%

Yacc 1.2%

Meson 0.7%

Other 2.2%