diff options
| author | Neil Conway <neilc@samurai.com> | 2005-05-26 02:04:14 +0000 |
|---|---|---|
| committer | Neil Conway <neilc@samurai.com> | 2005-05-26 02:04:14 +0000 |
| commit | 63e0d612f5a53d76218d4e59a35287391e284561 (patch) | |
| tree | 1acd1cc27ec9fd5855a6878f5f0d93f0683863e0 /src/backend/utils/adt/ruleutils.c | |
| parent | 15e4d1e2a7f565d805692daad895a07802279aea (diff) | |
| download | postgresql-63e0d612f5a53d76218d4e59a35287391e284561.tar.gz postgresql-63e0d612f5a53d76218d4e59a35287391e284561.zip | |
Adjust datetime parsing to be more robust. We now pass the length of the
working buffer into ParseDateTime() and reject too-long input there,
rather than checking the length of the input string before calling
ParseDateTime(). The old method was bogus because ParseDateTime() can use
a variable amount of working space, depending on the content of the
input string (e.g. how many fields need to be NUL terminated). This fixes
a minor stack overrun -- I don't _think_ it's exploitable, although I
won't claim to be an expert.
Along the way, fix a bug reported by Mark Dilger: the working buffer
allocated by interval_in() was too short, which resulted in rejecting
some perfectly valid interval input values. I added a regression test for
this fix.
Diffstat (limited to 'src/backend/utils/adt/ruleutils.c')
0 files changed, 0 insertions, 0 deletions