diff options
| author | Michael Paquier <michael@paquier.xyz> | 2025-01-08 13:16:43 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2025-01-08 13:16:43 +0900 |
| commit | e0c3d5122e6a4114af3092b7938c9b43d619e62c (patch) | |
| tree | d20b2f3af28e22162432615433c7039604d6c47b | |
| parent | 3f482940dbcbd15834a67894f4d9efdf5ceb7e16 (diff) | |
| download | postgresql-e0c3d5122e6a4114af3092b7938c9b43d619e62c.tar.gz postgresql-e0c3d5122e6a4114af3092b7938c9b43d619e62c.zip | |
pg_freespacemap: Fix declaration of pg_freespace(regclass)
This function called generate_series() without enforcing its input
argument types, making possible for an attacker to catch this call, by
defining for example a generate_series(int,bigint).
The internals of pg_freespace(regclass) are changed to force the use of
bigint for the inputs of generate_series(). A more consistent style is
applied for all its hardcoded values, while on it.
Issue introduced in 3f323eba89fb.
Reported-by: Noah Misch
Reviewed-by: Noah Misch
Discussion: https://postgr.es/m/20250106190428.ec.nmisch@google.com
| -rw-r--r-- | contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql b/contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql index 7f92c9e92e3..4986109bdaf 100644 --- a/contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql +++ b/contrib/pg_freespacemap/pg_freespacemap--1.2--1.3.sql @@ -9,5 +9,5 @@ RETURNS SETOF RECORD LANGUAGE SQL PARALLEL SAFE BEGIN ATOMIC SELECT blkno, pg_freespace($1, blkno) AS avail - FROM generate_series(0, pg_relation_size($1) / current_setting('block_size')::bigint - 1) AS blkno; + FROM generate_series('0'::bigint, pg_relation_size($1) / current_setting('block_size'::text)::bigint - '1'::bigint) AS blkno; END; |